Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Corporations and Financial Services—Parliamentary Joint Committee—Regulation of auditing in Australia: Interim report—Report, February 2020


Download PDF Download PDF

February 2020

Parliamentary Joint Committee on Corporations and Financial Services

Regulation of Auditing in Australia: Interim Report

© Commonwealth of Australia

ISBN 978-1-76093-043-1

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia License.

The details of this licence are available on the Creative Commons website: http://creativecommons.org/licenses/by-nc-nd/3.0/au/.

Printed by the Senate Printing Unit, Parliament House, Canberra

iii

Members

Chair Senator James Paterson LP, VIC

Deputy Chair Mr Steve Georganas MP ALP, SA

Members Senator Andrew Bragg LP, NSW

Mr Jason Falinski MP LP, NSW

Mr Patrick Gorman MP ALP, WA

Ms Celia Hammond MP LP, WA

Senator Deborah O'Neill ALP, NSW

Senator Louise Pratt ALP, WA

Mr Bert van Manen MP LNP, QLD

Senator Peter Whish-Wilson AG, TAS

Dr Patrick Hodder, Committee Secretary Dr Jon Bell, Principal Research Officer Ms Ashlee Hill, Senior Research Officer Ms Eleonora Fionga, Administrative Officer

Suite SG.64 Telephone: +61 2 6277 3583

PO Box 6100 Fax: +61 2 6277 5719

Parliament House Email: corporations.joint@aph.gov.au Canberra ACT 2600 Website: www.aph.gov.au/joint_corporations

v

Contents

Members ............................................................................................................................................. iii

Recommendations .............................................................................................................................. ix

Abbreviations ..................................................................................................................................... xi

Chapter 1—Introduction .................................................................................................................... 1

Duties of the committee ...................................................................................................................... 1

Terms of reference ................................................................................................................................ 2

Conduct of the inquiry ........................................................................................................................ 2

Scope of inquiry.................................................................................................................................... 3

Background ........................................................................................................................................... 3

Purpose and importance of audit ........................................................................................... 3

Reasonable assurance and materiality .................................................................................. 4

Australia's audit market........................................................................................................... 5

Concerns about audit quality ............................................................................................................. 7

International perspective ......................................................................................................... 7

The Australian context ............................................................................................................. 8

Committee comment ......................................................................................................................... 11

Structure of this report ...................................................................................................................... 12

Government and agency response .................................................................................................. 12

Chapter 2—Legislative and regulatory framework .................................................................... 13

Overview ............................................................................................................................................. 13

Regulatory oversight ......................................................................................................................... 15

ASIC .......................................................................................................................................... 15

Financial Reporting Council .................................................................................................. 15

AASB and AUASB .................................................................................................................. 16

Companies Auditors Disciplinary Board ............................................................................ 16

Australian Professional and Ethical Standards Board ....................................................... 17

Audit committees .................................................................................................................... 17

Auditors' duties .................................................................................................................................. 18

Detecting fraud and misconduct .......................................................................................... 18

Reporting contraventions to ASIC ....................................................................................... 19

vi

Going concern ......................................................................................................................... 20

Key Audit Matters .................................................................................................................. 20

Auditor independence requirements .............................................................................................. 21

Independence provisions under the Corporations Act ..................................................... 21

Australian Auditing Standards ............................................................................................. 24

APESB Code of Ethics ............................................................................................................ 24

Chapter 3—Audit quality in Australia .......................................................................................... 27

Perceptions on audit quality in Australia ....................................................................................... 28

ASIC's audit inspection program—Process and limitations ............................................. 31

Enhancements to ASIC's audit inspection program .......................................................... 34

Stakeholder views on ASIC's audit inspection approach ................................................. 35

Suggestions for improvement .......................................................................................................... 37

Grading the severity of inspection findings ........................................................................ 37

Adoption of more balanced reporting ................................................................................. 39

Publication of individual firm inspection reports .............................................................. 40

Professional scepticism ..................................................................................................................... 40

Valuation and impairment of non-financial assets ............................................................ 41

The role of management and directors ........................................................................................... 43

General-purpose and special-purpose financial statements ............................................. 46

Committee view ................................................................................................................................. 47

The role and importance of auditing ................................................................................... 47

Genesis of the inquiry and committee approach ............................................................... 48

Audit quality and ASIC's audit inspection reporting ........................................................ 49

Chapter 4—Threats to auditor independence .............................................................................. 53

Provision of non-audit services to audited entities ....................................................................... 55

Restrictions and requirements .............................................................................................. 57

Are non-audit services an issue? .......................................................................................... 58

Separation of audit and non-audit services ........................................................................ 71

Alternative solutions .............................................................................................................. 75

Auditor familiarity with audited entities ....................................................................................... 81

Mandatory firm rotation ........................................................................................................ 82

Alternative solutions .............................................................................................................. 84

vii

Committee view ................................................................................................................................. 86

Chapter 5—Meeting user expectations ......................................................................................... 91

Expectations regarding fraud, misconduct and economic viability ........................................... 92

Link between corporate collapse and audit ........................................................................ 93

Expanding the scope of audit ........................................................................................................... 95

Strengthened reporting on fraud and assessment of going concern ............................... 97

Enhanced corporate financial reporting .............................................................................. 98

Digital Financial Reports ................................................................................................................. 100

Current status of digital financial reporting ..................................................................... 101

Benefits of digital financial reporting ................................................................................ 102

Costs of implementing digital financial reporting ........................................................... 104

Committee view ............................................................................................................................... 104

Expectation gap and increasing complexity ..................................................................... 104

Reporting on internal control frameworks........................................................................ 105

Digital Financial Reporting ................................................................................................. 105

Appendix 1—Submissions, answers to questions on notice, correspondence, additional hearing information and tabled documents ................................................................... 107

Appendix 2—Public hearings ....................................................................................................... 117

ix

Recommendations

Recommendation 1

3.114 The committee recommends that ASIC:

 formally review the manner in which it publically reports the periodic findings of its audit inspection program, giving appropriate consideration to approaches used internationally; and

 based on this review, develop and implement, by the end of the 2020-21 reporting period for its audit inspection program, a revised framework for reporting inspection findings, with a focus on the transparency and relative severity of identified audit deficiencies.

Recommendation 2

3.115 The committee recommends that the Australian Government introduce, by the end of the 2020-21 financial year, through appropriate legislation, a requirement that ASIC publish all future individual audit firm inspection reports on its website once ASIC has adopted a revised reporting framework referred to in Recommendation 1.

Recommendation 3

4.145 The committee recommends that the Financial Reporting Council, in partnership with ASIC, by the end of the 2020-21 financial year, oversee consultation, development and introduction under Australian standards of:

 defined categories and associated fee disclosure requirements in relation to audit and non-audit services; and  a list of non-audit services that audit firms are explicitly prohibited from providing to an audited entity.

Recommendation 4

4.146 The committee recommends that the Corporations Act 2001 be amended so that an auditor's independence declaration is expanded to require the auditor to specifically confirm that no prohibited non-audit services have been provided.

Recommendation 5

4.147 The committee recommends that the Australian Professional and Ethical Standards Board consider revising the APES 110 Code of Ethics to include a safeguard that no audit partner can be incentivised, through remuneration advancement or any other means or practice, for selling non-audit services to an audited entity.

x

Recommendation 6

4.151 The committee recommends that the Financial Reporting Council, by the end of the 2020-21 financial year, oversee the revision and implementation of Australian standards to require audited entities to disclose auditor tenure in annual financial reports. Such disclosure should include both the length of tenure of the entity's external auditor, and of the lead audit partner.

Recommendation 7

4.152 The committee recommends that the Corporations Act 2001 be amended to implement a mandatory tendering regime such that entities required to have their financial reports audited under the Act must:

 undertake a public tender process every ten years; or  if an entity elects not to undertake a public tender process, the entity must provide an explanation to shareholders in its annual report as to why this has not occurred.

The committee further recommends that such a tender process be implemented by 2022 for any entity that has had the same auditor for a continuous period of ten years since 2012.

Recommendation 8

5.64 The committee recommends that the Financial Reporting Council oversee a formal review, to report by the end of the 2020-21 financial year, of the sufficiency and effectiveness of reporting requirements under the Australian standards in relation to:

 the prevention and detection of fraud; and  management's assessment of going concern.

Recommendation 9

5.67 The committee recommends that the Corporations Act 2001 be amended such that entities required to have their financial reports audited under the Act must establish and maintain an internal controls framework for financial reporting. In addition, such amendments should require that:

 management evaluate and annually report on the effectiveness of the entity's internal control framework; and  the external auditor report on management's assessment of the entity's internal control framework.

Recommendation 10

5.71 The committee recommends that the Australian Government take appropriate action to make digital financial reporting standard practice in Australia.

xi

Abbreviations

AASB Australian Accounting Standards Board

AASB 1054 AASB 1054 Australian Additional Disclosures ACAG Australasian Council of Auditors General

AICD Australian Institute of Company Directors

ANAO Australian National Audit Office

APESB Accounting Professional and Ethical Standards Board APES 330 APES 330 Insolvency Services

APRA Australian Prudential Regulation Authority

ASAs Australian Auditing Standards

ASA 102 Auditing Standard ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements

ASA 200 Auditing Standard ASA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Auditing Standards

ASA 220 Auditing Standard ASA 220 Quality Control for an Audit of a Financial Report and Other Historical Financial Information ASA 240 Auditing Standard ASA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of a Financial Report ASA 540 Auditing Standard ASA 540 Auditing Accounting Estimates

and Related Disclosures

ASA 570 Auditing Standard ASA 570 Going Concern

ASIC Australian Securities and Investments Commission

ASIC Act Australian Securities and Investments Commission Act 2001 ASQC 1 Auditing Standard ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and

Related Services Engagements

ASX Australian Securities Exchange

AUASB Australian Auditing and Assurance Standards Board BDO BDO Australia

CA ANZ Chartered Accountants Australia and New Zealand CADB Companies Auditors Disciplinary Board

CLERP 9 Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 CMA Competition and Markets Authority

Code of Ethics APES 110 Code of Ethics for Professional Accountants (including Independence Standards) the committee Parliamentary Joint Committee on Corporations and Financial Services

xii

Corporations Act Corporations Act 2001 CPS 220 Prudential Standard CPS 220 Risk Management

DFRs Digital Financial Reports

EU European Union

FRC Financial Reporting Council

G100 Group of 100

GPFSs General-Purpose Financial Statements

IAASB International Auditing and Assurance Standards Board IASB International Accounting Standards Board

IESBA International Ethics Standards Board for Accountants IPA Institute of Public Accountants

MFR mandatory firm rotation

NAB National Australia Bank

PCAOB Public Company Accounting Oversight Board PwC PricewaterhouseCoopers

PIE Public Interest Entity

RCA registered company auditor

RSM RSM Australia

SEC Securities and Exchange Commission

SOX Sarbanes-Oxley Act of 2002

SPFSs Special-Purpose Financial Statements

UK United Kingdom

US United States

1

Chapter 1 Introduction

Duties of the committee 1.1 The Parliamentary Joint Committee on Corporations and Financial Services (the committee) is established by Part 14 of the Australian Securities and Investments Commission Act 2001 (ASIC Act). Section 243 of the ASIC Act sets

out the committee's duties as follows:

(a) to inquire into, and report to both Houses on:

(i) activities of ASIC or the Takeovers Panel, or matters connected with such activities, to which, in the Parliamentary Committee's opinion, the Parliament's attention should be directed; or (ii) the operation of the corporations legislation (other than the excluded

provisions); or (iii) the operation of any other law of the Commonwealth, or any law of a State or Territory, that appears to the Parliamentary Committee to

affect significantly the operation of the corporations legislation (other than the excluded provisions); or (iv) the operation of any foreign business law, or of any other law of a foreign country, that appears to the Parliamentary Committee to affect

significantly the operation of the corporations legislation (other than the excluded provisions); and

(b) to examine each annual report that is prepared by a body established by this Act and of which a copy has been laid before a House, and to report to both Houses on matters that appear in, or arise out of, that annual report and to which, in the Parliamentary Committee’s opinion, the Parliament’s attention should be directed; and (c) to inquire into any question in connection with its duties that is referred to

it by a House, and to report to that House on that question.1

1 Australian Securities and Investments Commission Act 2001, s. 243.

2

Terms of reference 1.2 On 1 August 2019, the Senate referred an inquiry into regulation of auditing in Australia for report by 1 March 2020. The terms of reference are as follows:

(a) the relationship between auditing and consulting services and potential conflicts of interests; (b) other potential conflicts of interests; (c) the level and effectiveness of competition in audit and related consulting

services; (d) audit quality, including valuations of intangible assets; (e) matters arising from Australian and international reviews of auditing; (f) changes in the role of audit and the scope of audit products; (g) the role and effectiveness of audit in detecting and reporting fraud and

misconduct; (h) the effectiveness and appropriateness of legislation, regulation and licensing; (i) the extent of regulatory relief provided by the Australian Securities and

Investments Commission through instruments and waivers; (j) the adequacy and performance of regulatory, standards, disciplinary and other bodies; (k) the effectiveness of enforcement by regulators; and (l) any related matter.2

Conduct of the inquiry 1.3 The committee advertised the inquiry on its webpage and invited submissions from a range of relevant stakeholders. The committee set a closing date for submissions of 30 September 2019. On 14 August 2019, the committee

extended the submission closing date to 28 October 2019. On 12 February 2020, the Senate extended the time for the presentation of the report to 1 September 2020.3

1.4 The committee received 111 submissions, which are listed in Appendix 1. The committee also received additional information, including answers to questions taken on notice, as listed in Appendix 2.

1.5 The committee held the following public hearings:

 19 November 2019 in Sydney;  29 November 2019 in Canberra;  9 December 2019 in Melbourne; and  7 February 2020 in Canberra.

2 Journals of the Senate, No. 11, 1 August 2019, p. 334.

3 Journals of the Senate, No. 41, 12 February 2020, p. 1250.

3

1.6 Some references to the Committee Hansard are to the Proof Hansard and page numbers may vary between Proof and Official transcripts.

1.7 The committee thanks all individuals and organisations who participated in the inquiry, especially those who made written submissions and participated in public hearings. Further, the committee notes its appreciation to audit industry stakeholders for their willingness to engage in, and contribute to, discussion about the regulation of auditing in Australia and possible areas for improvement.

Scope of inquiry 1.8 The inquiry focuses on external audits of companies' financial reports as set out in Chapter 2M of the Corporations Act 2001 (Corporations Act).4 Therefore, unless otherwise stated, references to 'audit' in this report refer to an audit

carried out by a registered company auditor of a company's financial report as required and prepared under Chapter 2M of the Corporations Act.

Background

Purpose and importance of audit 1.9 A company's external stakeholders, particularly shareholders of listed companies, are generally quite separate from the company's management. Inevitability, management has access to more detail about the company and its

financial operations and position than any ordinary investor can hope to have. This results in the existence of an unavoidable asymmetry of information between the management of a company and its investors.

1.10 In order to explain its financial operations and, in turn, reduce the information asymmetry between management and investors, a company must prepare financial reports. A company's external stakeholders use the information contained in financial reports to assess the company, as well as the performance of management and those charged with its governance, in order to inform their decision-making.

1.11 Financial reports must be prepared in accordance with relevant legislation and standards; for instance, what information is to be included, how the value of company assets (tangible and intangible) is to be calculated and presented, and what explanations and declarations to provide.

1.12 An external audit provides an independent opinion on the integrity of the information contained in a company's financial report. Specifically, an auditor's opinion provides reasonable assurance as to whether a company's

4 Section 295 of the Corporations Act defines the contents of an annual financial report for a

financial year as consisting of the financial statements for the year; the notes to the financial statements; and the directors’ declaration about the statements and notes.

4

financial report complies, in all material respects, with relevant legislation and standards and gives a true and fair view of the company's financial operations.

1.13 As set out in the Australian Auditing Standards, the overall objectives of an auditor in conducting an audit of a financial report are:

(a) To obtain reasonable assurance about whether the financial report as a whole is free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial report is prepared, in all material respects, in accordance with an applicable financial reporting framework; and

(b) To report on the financial report, and communicate as required by the Australian Auditing Standards, in accordance with the auditor’s findings.5

1.14 By providing reasonable assurance of the accuracy of financial reports, audit is integral to enhancing investor confidence and thereby, to supporting the efficient and effective allocation of resources within Australia's capital markets. Audit is therefore a key element of Australia's wider financial reporting framework, and an essential prerequisite to strong economic growth.

1.15 Treasury summarised the importance of audit in its submission:

In Australia capital is allocated by the market. Markets require adequate information to function efficiently. Investors require accurate, relevant, and comparable information to make decisions about which investments suit them best, and how much they should invest. This applies whether investors are entities or individuals, with large or small amounts of capital at their disposal.

These decisions will collectively determine how capital is allocated in the economy. If capital is directed towards productive firms, the economy will grow more quickly. If capital is misdirected to less productive firms, the economy will not grow as quickly as it otherwise would.

Audit is therefore one element of a broader financial reporting system, but it is significant because it constitutes the principal independent, external check on the integrity and reliability of companies’ financial reporting. It adds credibility to the financial statements prepared by companies, increasing shareholders’ and other users’ confidence in them.6

Reasonable assurance and materiality 1.16 As pointed to above, an auditor's opinion provides reasonable assurance about whether a company's financial report as a whole is prepared in accordance with relevant legislation and standards, and is free from material

5 Auditing Standard ASA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit

in Accordance with Australian Auditing Standards, para. 11.

6 Treasury, Submission 15, pp. 2-3.

5

misstatement. Reasonable assurance is obtained when an auditor has acquired sufficient and appropriate evidence such that the risk of expressing an inappropriate audit opinion regarding a company's financial report (that is, that the financial report is materially misstated) is reduced to an acceptably low level.7

1.17 While the reasonable assurance obtained in an audit is a high level of assurance, it is not an absolute level of assurance. Absolute assurance cannot be achieved due to inherent limitations of an audit; namely, the limited sampling approach used in conducting an audit (see below) and the contingent judgements and estimates applied to asset valuations in financial reports. For that reason, an auditor's opinion does not guarantee a company's future viability, 8 nor does it assure the effectiveness and efficiency of management in conducting the company's affairs.9

1.18 The concept of materiality as it pertains to audit refers to information that, if incorrect or omitted from a financial report, would be significant enough to influence the economic decisions made by users of the financial report. Misstatements of information only affect an audit opinion where they are considered to be material to the financial report as a whole, either individually or in aggregate.10

1.19 Chartered Accountants Australia and New Zealand outlined how the materiality level for a listed company audit is applied in practice:

Auditors do not check every transaction as it is cost prohibitive and time intensive. Rather they perform sample testing of controls and transactions and they review assumptions around valuations. A common materiality level for a listed company is 5 per cent of profit before tax. One way to think about materiality is that it means the auditor designs their testing to identify errors in the financial report that are material. For example, say the profit is $100 million; the auditor will design their audit to identify misstatements in the financial statement greater than $5 million (5 per cent of $100 million).11

7 Australian National Audit Office, Submission 45, p. 2; Chartered Accountants Australia and New

Zealand, Submission 2, p. 5.

8 While not required to assure the future viability of an entity, an auditor is required to form a view

on management's assessment of whether the entity in question can continue as a going concern for the 12 months following the date of the auditor's report.

9 Treasury, Submission 15, p. 4; Australian National Audit Office, Submission 45, p. 2.

10 Australian National Audit Office, Submission 45, p. 3; Chartered Accountants Australia and

New Zealand, Submission 2, p. 9.

11 Chartered Accountants Australia and New Zealand, Submission 2, p. 9.

6

Australia's audit market

Market structure 1.20 The audit market in Australia comprises several sub-markets. Principally, the two major sub-markets are Public Interest Entities12 (PIEs) and private entities. The financial reports of approximately 2,200 Australian listed entities and

6,000 large private entities are audited by Australian auditors each year.13 Other audit sub-markets include public sector and not-for-profit entities.

1.21 The four largest audit firms in Australia (known collectively as the 'Big Four') are PricewaterhouseCoopers (PwC), Deloitte, EY, and KPMG, with combined revenue of $8.57 billion in 2019. The next two largest audit firms are BDO and Grant Thornton, with respective revenues of $299 million and $266 million in 2019.14

1.22 The upper end of the PIE audit market is characterised by high market concentration of the Big Four audit firms, with 90-92 per cent of top 200 largest Australian listed entities by market capitalisation audited by the Big Four between 2012 and 2018.15 The Big Four audited 65-71 per cent of the next 300 largest listed entities and 31-34 per cent of the medium listed entities by market capitalisation over the same period, indicating that the Australian audit market for listed companies is both highly segmented and supplier concentrated.16

1.23 While the concentration of the Big Four audit firms by market capitalisation in Australia is similar to that of other major jurisdictions, the overall market share of the Big Four audit firms is not nearly so concentrated, declining from 41 per cent of Australian listed companies in 2012 to 38 per cent in 2018. In comparison, the Big Four firms audit 70 per cent and 84 per cent of the listed

12 As defined in the APES 110 Code of Ethics for Professional Accountants (including Independence

Standards), a Public Interest Entity is (a) A Listed Entity; or (b) An entity (i) Defined by regulation or legislation as a public interest entity; or (ii) For which the audit is required by regulation or legislation to be conducted in compliance with the same independence requirements that apply to the audit of Listed Entities. Such regulation might be promulgated by any relevant regulator, including an audit regulator.

13 Chartered Accountants Australia and New Zealand, Submission 2, p. 1.

14 Respective revenues of the Big Four in 2019 were: PwC, $2.6 billion; Deloitte, $2.3 billion; EY,

$1.89 billion; and KPMG, $1.78 billion. See Edmund Tadros, 'Financial Review Top 100 Accounting Firms 2019', Financial Review, 11 November 2019, https://www.afr.com/companies/professional-services/financial-review-top-100-accounting-firms-2019-20191111-p539fb (accessed 8 January 2020).

15 Australian Auditing and Assurance Standards Board, Research Report 3: Audit Market Structure and

Competition in Australia 2012-2018, 8 October 2019, p. 6.

16 Australian Auditing and Assurance Standards Board, Research Report 3: Audit Market Structure and

Competition in Australia 2012-2018, 8 October 2019, Executive Summary.

7

client market in the United States (US) and United Kingdom (UK) respectively.17

Increasing complexity of audit 1.24 The business environment in which auditors operate has changed in recent decades. Companies are expanding and operating on an increasingly diverse and global scale; and with this, company transactions, group structures, and

regulatory requirements are becoming more complex.18

1.25 Company expectations regarding the role of the auditor itself have also changed. To meet the demand created by more complex business environments, the original mandate to audit companies' financial reports has expanded to the provision of multidisciplinary professional services. Audit firms now also provide a wide range of non-audit advisory and consulting services in areas including accounting, risk, tax and policy advice, culture, technology, marketing and compliance. Such matters are integral to a company's overall performance and reporting, but are not directly included in its financial statements.19

Concerns about audit quality 1.26 As previously highlighted, by supporting the quality of financial reports, audit plays an important role in the effective operation of capital markets. Audit quality is therefore critical to ensuring that stakeholders are confident and

suitably informed when making economic decisions based on financial reports.

1.27 In recent years, public concerns relating to audit quality have been raised repeatedly at both a domestic and international level. In particular, the quality of Big Four audits on large companies has been a focus of ongoing commentary and public inquiry.20

International perspective 1.28 Internationally, much of this public concern has stemmed from high-profile collapses of corporate entities; for example, the collapses of US corporations

17 Australian Auditing and Assurance Standards Board, Research Report 3: Audit Market Structure and

Competition in Australia 2012-2018, 8 October 2019. See also Australian Auditing and Assurance Standards Board, Submission 22, p. 8.

18 See, for example, Australian Auditing and Assurance Standards Board, Submission 22, p. 4;

Accounting Professional and Ethical Standards Board, Submission 42, p. 3; Professor Ken Trotman, Submission 56, p. 1.

19 See, for example, Group of 100, Submission 35, p. 4; Professor James Guthrie AM, Submission 39,

p. 3; Australian Institute of Company Directors, Submission 66, p. 2.

20 In particular, the Australian Financial Review has regularly commented on the quality of audit

services and associated issues in its coverage of the professional services sector, largely in relation to the Big Four firms.

8

Enron and WorldCom in the early 2000s and, more recently, the 2018 collapse of Carillion Group in the UK. Ensuing reviews into audit quality have focused on conflicts of interest and any resulting consequences for auditor independence and the application of sufficient professional scepticism by the auditor.

1.29 Typical market reforms proposed and, in some cases, implemented with the aim of improving audit quality include:

 limiting audit tenure through mandatory partner or firm rotation;  limiting the provision of non-audit services by the incumbent auditor;  regulator appointment of auditors and/or setting of audit fees;  joint auditing of larger listed companies; and  an operational split between audit and non-audit services provided by audit

firms. 21

1.30 Recent reviews relevant to audit quality in the UK and commissioned by government include the:

 Independent Review of the Financial Reporting Council by Sir John Kingman (Kingman Review);  Competitions and Market Authority (CMA) study of the statutory audit services market; and  Independent review into the quality and effectiveness of audit by

Sir Donald Brydon (Brydon Review).

1.31 International approaches and proposals for reform to improve audit quality are discussed where relevant throughout this report.

The Australian context 1.32 In the Australian context, audit quality has been of interest to the committee for some years, featuring in a number of its statutory oversight reports in recent Parliaments. 22 The committee's long-standing interest in audit quality

has largely emanated from concerns raised by the Australian Securities and Investments Commission (ASIC).

1.33 In its role as conduct regulator responsible for regulatory oversight of the Corporations Act, ASIC assesses auditors' compliance with audit requirements

21 See, for example, Professor Michael Bradbury and Associate Professor Bryan Howieson,

Submission 13; Competition and Markets Authority, Statutory audit services market study, April 2019.

22 See, for example, Parliamentary Joint Committee on Corporations and Financial Services

(PJC CFS), Statutory oversight of the Australian Securities and Investments Commission, No. 1 of the 43rd Parliament, February 2013; PJC CFS, Statutory oversight of the Australian Securities and Investments Commission, No. 3 of the 43rd Parliament, July 2013; PJC CFS, Statutory oversight of the Australian Securities and Investments Commission, No. 1 of the 45th Parliament, February 2019.

9

under the Act primarily through its ongoing audit inspection program.23 ASIC uses risk-based methodology to select firms, audit files, and key audit areas for review. As noted in ASIC's Audit inspection report for 2018-19, the objective of the audit inspection program 'is to promote the improvement and maintenance of audit quality'.24

1.34 As illustrated in Table 1.1, successive findings from ASIC's audit inspection program show an apparent ongoing deterioration in audit quality.

Table 1.1 Adverse audit file review findings on key audit areas for all audit firms inspected

Period Adverse findings for

all audit firms inspected

Key audit areas reviewed

18 months to 30 June 2012 18% 602

18 months to 31 December 2013 20% 454

18 months to 30 June 2015 19% 463

18 months to 31 December 2016 25% 390

18 months to 30 June 2018 24% 347

12 months to 30 June 2019 26% 207

Source: ASIC Report 648—Audit inspection program report for 2018-19, p. 5.

1.35 Indeed, as far back as December 2012, Mr Greg Medcraft, former ASIC Chairman, noted his considerable disappointment and frustration in audit inspection results:

Tomorrow we will release our audit inspection report for 18 months to 30 June 2012, which shows there has been no improvement in audit quality since our last report. In fact, our review shows an increase in instances where auditors failed to perform all the procedures necessary to obtain a reasonable assurance that the audited financial statements were not materially misstated.

The report will be released tomorrow, so I will have more to say about it then. These results, as I pointed out last year, when we released them, the observation was 15 per cent of what we inspected was found to be inadequate. That number has gone up, not down, and last year I indicated that a level of 15 per cent was already far too high in terms of having problems where it really was inadequate evidence to support an audit opinion. I think clearly we expect as a country that that number should be

23 ASIC’s audit inspection program commenced after the passing of the Corporate Law Economic

Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (CLERP 9).

24 Australian Securities and Investments Commission, Report 648—Audit inspection report for 2018-19,

December 2019, p. 4.

10

substantially less than 10 per cent and, in terms of audit quality, significantly less. These results, I find, being a former auditor and chartered accountant, very disappointing and frustrating. I consider what we are seeing now as second strike for the audit sector and it is clearly one I think the profession should consider itself on notice: it needs to lift its game.25

1.36 At that time, Mr Medcraft commented that the level of scepticism being exercised by auditors 'was often found wanting'. Mr Medcraft also noted that, internationally, measures such as audit firm rotation had been discussed as a possible solution to improve audit quality.26

1.37 In evidence to the committee in October 2017, Mr Medcraft again raised the issue of audit quality, stating that 'audit quality continues to decline, as reflected in our reports every 18 months. The audit firms themselves are concerned about it'.27

1.38 More recently, the committee noted ongoing concerns in its statutory oversight report of the 45th Parliament. The committee acknowledged concern about audit quality as a global issue, and that 'there is debate about both the severity of the problem, and potential solutions'.28 The committee recommended that ASIC devise and conduct, alongside or within its current audit inspection program, a study which would generate results which are comparable over time to reflect changes in audit quality.

1.39 Relevant to the committee's recommendation, in December 2019, ASIC published Report 649—Audit quality measures, indicators and other information: 2018-19, which was intended to supplement ASIC's latest audit inspection findings and to promote:

 discussion on the measures and indicators that might be used by auditors and audit committees in monitoring initiatives to improve audit quality; and  good behaviours by auditors and audit committees that support audit

quality.29

25 Mr Greg Medcraft, Chairman, Australian Securities and Investments Commission, Committee

Hansard, 3 December 2012, p. 12.

26 Mr Greg Medcraft, Chairman, Australian Securities and Investments Commission, Committee

Hansard, 3 December 2012, pp. 19-20.

27 Mr Greg Medcraft, Chairman, Australian Securities and Investments Commission, Committee

Hansard, 27 October 2017, p. 21.

28 Parliamentary Joint Committee on Corporations and Financial Services, Statutory oversight of the

Australian Securities and Investments Commission, No. 1 of the 45th Parliament, February 2019, p. 22.

29 Australian Securities and Investments Commission, Report 649—Audit quality measures, indicators

and other information: 2018-19, December 2019, p. 1.

11

1.40 ASIC's audit inspection program, as well as other matters relevant to audit quality in Australia, are discussed in detail in Chapter 3.

Committee comment 1.41 The quality of external audits of financial reports affects everybody. All Australians, whether or not they are directly aware, rely on auditors as important gatekeepers within the wider financial reporting system. As such,

the committee concurs with the views expressed in the recent report of the CMA in the UK:

Audits cannot be expected to prevent company failure, nor are they likely to be the cause of failure; but they are a vital part of the warning system that should protect savers’ interests.30

1.42 There is no doubt that audit quality is a global issue, with calls for regulatory reform in recent years following high-profile corporate failures internationally, most notably in the UK. As articulated by ASIC:

If a company fails but its financial report did not properly show its declining financial position and results, or going concern issues, it is reasonable for questions to be asked about the role played by the company directors and the auditor. Questions may also be asked if investment decisions are made using financial reports that do not reflect a company’s true financial position and performance.31

1.43 Despite the absence of such high-profile failures in Australia, the committee considers that it is timely to consider audit regulation in Australia, given the persistence of concerns regarding audit quality. However, while international proposals for reform are worth considering, it is important to acknowledge that the regulatory framework for auditing in Australia is not homogenous with other jurisdictions. Of course, there will always be arguments for and against various policy options, but reforms suggested internationally may not necessarily be in the best interests of audit quality in Australia. Any amendments to current regulatory arrangements need to be carefully considered in the context of the Australian market.

1.44 The committee is also mindful that there is a distinction between the existence of issues that result in actual variation in audit quality outcomes, and issues that are based predominantly on perception. While perceptions relating to audit quality are important (as audit quality is assessed by the market), in the interests of avoiding unintended consequences and best facilitating improved outcomes, the committee is of the view that any reform to audit regulation in Australia should be based on good evidence of its effectiveness. Further, in considering options for regulatory reform, the effectiveness of existing arrangements in meeting stated objectives should also be evaluated.

30 Competition and Markets Authority, Statutory audit services market study, April 2019, p. 6.

31 Australian Securities and Investments Commission, Submission 16, p. 1.

12

Structure of this report 1.45 This report comprises five chapters, including this introductory chapter:

 Chapter 2 provides an overview of Australia's legislative and regulatory framework for audit.  Chapter 3 reviews matters relevant to the state of audit quality in Australia.  Chapter 4 discusses threats to auditor independence, as a key component of

audit quality, as well as potential solutions to these threats.  Chapter 5 examines the gap that exists between the regulatory requirements pertaining to audit and the public's expectations of the functions of an audit, as well as proposals to expand the scope of audit to better meet user needs.

1.46 Matters raised in this report are intended to provide an indicative, though not exhaustive, overview of the issues examined during the committee's inquiry.

Government and agency response 1.47 While this is an interim report, it contains several substantive policy recommendations. The committee therefore expects the government and the various regulatory agencies to respond in a timely manner to the

recommendations in this report.

13

Chapter 2

Legislative and regulatory framework

Overview 2.1 Audit in Australia is governed by a regulatory framework comprised of legislation, standards, regulatory and professional bodies, and disciplinary boards (Figure 2.1). Chapter 2M of the Corporations Act 2001 (Corporations Act)

sets out the comprehensive legislative requirements for financial reporting and auditing, including that all public companies and large proprietary companies provide audited annual financial reports to the Australian Securities and Investments Commission (ASIC).1

2.2 The Corporations Act explicitly mandates that financial reports and audits comply with the accounting and auditing standards,2 and delegates the creation and maintenance of these standards to the Australian Accounting Standards Board (AASB) and Australian Auditing and Assurance Standards Board (AUASB) respectively.3

2.3 Chapter 9 of the Corporations Act establishes a scheme for the regulation of registered company auditors (RCAs), requiring that prospective auditors meet extensive conditions relating to education, experience, competency and integrity in order to be registered, and to maintain registration, with ASIC. Only RCAs (hereafter referred to simply as 'auditors') can perform audits under the Corporations Act. Persons or entities eligible to be appointed as the auditor of a company are an individual, an audit firm, or an authorised audit company.4

2.4 The Corporations Act also sets out general and specific requirements relating to auditor independence to address conflicts of interest in relation to an audited body.5 These requirements are outlined in detail later in this chapter.

1 Corporations Act 2001, s. 301. The thresholds that define a large proprietary company increased as

of 1 July 2019. A proprietary company is now defined as 'large' if it meets at least two of the following thresholds in a given financial year: $50 million or more in consolidated revenue; $25 million or more in consolidated gross assets; and 100 or more employees, see Corporations Act 2001, ss. 45A(3).

2 Corporations Act 2001, s. 296 and s. 307A.

3 Corporations Act 2001, s. 334 and s. 336.

4 Corporations Act 2001, s. 324AA. In the case of an audit firm, at least one member of the firm must

be an RCA. If an audit firm is appointed as the auditor of a company, then all the RCAs who are members of that firm are treated as auditors of the company, see Corporations Act 2001, s. 324AA, 324AB and 324BB.

5 See Corporations Act 2001, Part 2M.4, Division 3.

14

Figure 2.1 Overview of Australia's financial reporting framework

Source: The Treasury, Submission 15, p. 6.

15

Regulatory oversight 2.5 The statutory bodies responsible for developing standards and monitoring and enforcing the financial reporting requirements of the Corporations Act are created under the Australian Securities and Investments Commission Act 2001

(ASIC Act). As illustrated in Figure 2.1, these bodies include ASIC, the Financial Reporting Council (FRC), AASB, AUASB, and the Companies Auditors Disciplinary Board (CADB). The regulatory roles and responsibilities of each of these statutory bodies are outlined below. The role of the

non-statutory body, the Australian Professional and Ethical Standards Board (APESB), and audit committees are also summarised.

ASIC 2.6 As the conduct regulator for Australia's corporate and capital markets, ASIC is responsible for assessing compliance with the financial reporting and audit requirements of the Corporations Act, and for taking enforcement action

where appropriate. ASIC also has responsibility for the registration of company auditors, cancelling registration at the request of an auditor, and consenting to an auditor's resignation as the auditor of an individual public company.

2.7 Where an individual auditor is found to have contravened the Corporations Act, ASIC considers whether to refer the auditor's conduct to CADB, use an enforceable undertaking,6 or undertake civil or criminal litigation where circumstances warrant.

Financial Reporting Council 2.8 The FRC is the statutory advisory body responsible for overseeing the effectiveness of Australia's financial reporting framework. The FRC's role includes the oversight and setting of the broad strategic direction of the AASB

and AUASB. However, the FRC is not able to direct that accounting and auditing standards be set in a particular way.7 Under its remit, the FRC also provides strategic advice to ASIC and the government on matters regarding the quality of audit in Australia and related effects on the wider financial reporting framework.

2.9 It is important to note that the FRC in Australia and the Financial Reporting Council in the United Kingdom (UK), while of the same name, are very

6 ASIC's use of enforceable undertakings as an enforcement tool (as opposed to litigation) was the

subject of robust discussion during the Financial Services Royal Commission. However, with respect to auditing, RSM Australia argued that the practical effect of an enforceable undertaking 'is often to effectively end the individual's career as an auditor'. See RSM Australia, Submission 51, [p. 4].

7 See Ms Kate O'Rourke, Principal Adviser, Consumer and Corporate Policy Division, Treasury,

Committee Hansard, 29 November 2019, pp. 78-79.

16

different bodies with distinct roles. Ms Kate O'Rourke, Principal Adviser, Consumer and Corporate Policy Division at the Treasury, outlined the key differences:

 in the UK, the FRC is responsible for regulation, standard setting and enforcement.  in Australia, the standard setting and advisory bodies (including the FRC) exist separately from the legislative framework, and separate from ASIC

which is responsible for regulatory oversight and enforcement.8

AASB and AUASB 2.10 The AASB and AUASB are independent standard-setting bodies. Primarily, their respective responsibilities are to develop, issue and maintain Australian Accounting Standards and Australian Auditing Standards (ASAs) under

sections 334 and 336 the Corporations Act. Accounting and auditing standards made under the Corporations Act are legislative instruments under the Legislative Instruments Act 2003. That is, they are legally enforceable.

2.11 The statutory functions of the AASB and AUASB under the ASIC Act also allow for the formulation of standards for other purposes. For example, the AUASB's standards on assurance engagements establish requirements for undertaking and reporting on assurance engagements of non-financial information.

2.12 ASAs and other pronouncements issued by the AUASB are sector and framework neutral, and therefore applicable to private for-profit, not-for-profit, and public entities. ASAs are also principles-based, encouraging auditors to exercise professional judgement and scepticism in conducting the audit function as well as allowing for modification as necessary.9

2.13 In line with the strategic direction from the FRC, ASAs are consistent with the standards developed by the international standards setting boards of the International Federation of Accountants.10 Specifically, ASAs are based on the standards issued by the International Auditing and Assurance Standards Board (IAASB). The international standards on auditing set by the IAASB are well-recognised and generally accepted worldwide. 11

8 Ms Kate O'Rourke, Principal Adviser, Consumer and Corporate Policy Division, Treasury,

Committee Hansard, 29 November 2019, p. 78.

9 Australian Auditing and Assurance Standards Board, Submission 22, p. 2.

10 Similarly, Australian Accounting Standards are based on the IFRS Foundation's standards set by

the International Accounting Standards Board.

11 IAASB-IESBA, Submission 18, p. 1; Australian Auditing and Assurance Standards Board,

Submission 22, p. 1.

17

Companies Auditors Disciplinary Board 2.14 CADB's primary function is to act as an independent, administrative disciplinary body for auditors registered by ASIC under the Corporations Act. On application from ASIC or the Australian Prudential Regulation Authority

(APRA),12 and if satisfied that an auditor does not comply with the matters set out in section 1292 of the Corporations Act, CADB may impose a sanction on an auditor, including to either cancel or suspend the auditor's registration under the RCA scheme.13

Australian Professional and Ethical Standards Board 2.15 Established in 2006, the APESB is a not-for-profit, independent body. The APESB's members comprise the three largest professional accounting bodies in Australia—CPA Australia, Chartered Accountants Australia and New Zealand

and the Institute of Public Accountants—who also fund and appoint members to the Board. The primary purpose of the APESB is to develop, issue and maintain professional and ethical pronouncements for the Australian accounting and auditing professions.

2.16 The APESB's pronouncements include APES 110 Code of Ethics for Professional Accountants (including Independence Standards) (Code of Ethics). Auditing Standard ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements (ASA 102) requires auditors to comply with the ethical requirements in the APES 110 Code of Ethics. Accordingly, auditors are legally obliged to comply with the Code of Ethics for audits performed of entities subject to the Corporations Act.

Audit committees 2.17 While not required by the Corporations Act, the Australian Securities Exchange (ASX) Listing Rules mandate that entities in the S&P All Ordinaries Index (that is, the largest 500 entities by market capitalisation) have an audit

committee.14 Those entities included in the S&P/ASX 300 Index must also comply with the ASX's best-practice recommendations in relation to the composition and operation of the audit committee.15

12 CADB has not received any applications from APRA since its establishment.

13 At the time of writing, ASIC action had resulted in deregistration or suspension of 21 auditors,

either through referrals to CADB or enforceable undertakings. See Companies Auditors Disciplinary Board, Submission 41, p. 8; Australian Securities and Investments Commission, Submission 16, p. 15.

14 APRA's prudential standards contain a similar audit committee requirement that is mandatory for

APRA-regulated entities.

15 Australian Securities Exchange, ASX Listing Rules—Chapter 12: On-going requirements, available at:

https://www.asx.com.au/regulation/rules/asx-listing-rules.htm (accessed 15 January 2020).

18

2.18 Audit committees are established by a company's board of directors as a sub-committee and its powers are delegated by the board. While not set out in legislation, an audit committee is responsible for overseeing an entity's financial reporting, as well as its internal control and risk management systems. With regard to external audit functions, an audit committee's oversight role usually includes running the tender process, setting the audit fee, ensuring that auditor independence requirements are met, and engaging with the auditor regarding financial reporting matters and risks.16

Auditors' duties 2.19 Auditors must fulfil certain duties in performing the audit of a financial report under the Corporations Act. An auditor must report to shareholders whether they are of the opinion that a company's financial report is in compliance with

accounting standards, and that it gives a true and fair view of the financial positon and performance of the company. If the auditor forms an opinion that a financial report does not comply with an accounting standard, the auditor's report must quantify the effect of this non-compliance on the financial report.17

2.20 The auditor of an entity is required to sign the auditor's report in both their own name and the name of their firm. Specifically, subsection 324AB(3) of the Corporations Act stipulates:

(3) A report or notice that purports to be made or given by a firm appointed as auditor of a company or registered scheme is not taken to be duly made or given unless it is signed by a member of the firm who is a registered company auditor both:

(a) in the firm name; and (b) in his or her own name.18

2.21 Auditors are legally obliged to apply reasonable care and skill in performing the audit function. Broadly, to maintain their registered status, an auditor must comply with the relevant requirements set out in the Corporations Act (including the obligation to continuously maintain fitness and propriety at all times),19 ASAs, and APESB pronouncements.20

16 Treasury, Submission 15, p. 17; Chartered Accountants Australia and New Zealand, Submission 2,

p. 9

17 Corporations Act 2001, s. 308.

18 Corporations Act 2001, ss. 324AB(3).

19 Corporations Act 2001, s. 1292.

20 Compliance with the auditing standards issued by the AUASB was made a legal requirement with

the enactment of the Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (CLERP 9).

19

Detecting fraud and misconduct 2.22 Under the auditing standards issued by the AUASB, a key objective of an auditor in conducting an audit of a financial report is to obtain reasonable assurance about whether the financial report as a whole is free from material

misstatement, whether due to fraud or error. In forming this opinion, the auditor has responsibility to consider and assess the risk of material misstatement in the financial report due to fraud or non-compliance with laws and regulations.21

2.23 Auditing Standard ASA 240 The Auditor's Responsibility Relating to Fraud in an Audit of a Financial Report (ASA 240) contains specific requirements of auditors in relation to identifying material misstatement due to fraud, including that an auditor respond appropriately to fraud or suspected fraud identified during the audit. ASA 240 requires auditors to maintain professional scepticism in considering the risk of material misstatement due to fraud; however, it recognises that it is not always possible to detect every instance of fraud, for example where collusion is involved. ASA 240 also states that 'the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management'.22

2.24 Auditing Standard ASA 250 Consideration of Laws and Regulations in an Audit of a Financial Report (ASA 250) deals with an auditor's responsibility to consider non-compliance with laws and regulations. ASA 250 explicitly states that, owing to the inherent limitations of an audit, 'the auditor is not responsible for preventing non-compliance and cannot be expected to detect non-compliance with all laws and regulations'.23

2.25 The Corporations Act makes no explicit reference to any responsibility of auditors with respect to fraud.

Reporting contraventions to ASIC 2.26 Auditors are required to report contraventions or suspected contraventions of the Corporations Act to ASIC, including where they identify fraud or misconduct.24 Specifically, section 311 of the Corporations Act mandates that

21 Auditing Standard ASA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit

in Accordance with Australian Auditing Standards, para. 11.

22 Auditing Standard ASA 240, The Auditor's Responsibilities Relating to Fraud in an Audit of a Financial

Report, para. 4.

23 Auditing Standard ASA 250, Consideration of Laws and Regulations in an Audit of a Financial Report,

para. 4.

24 ASIC received a total of 847 notifications from auditors under sections 311, 601HG and 990K of the

Corporations Act in 2018-19, an increase from the 570 notifications received in 2017-18. See Australian Securities and Investments Commission, Submission 16, pp. 12 and 24.

20

an auditor must report to ASIC if, during the course of an audit, the auditor is aware of circumstances that:

 the auditor has reasonable grounds to suspect amount to a significant contravention of the Corporations Act;25 or  amount to an attempt, in relation to the audit, by any person to unduly influence, coerce, manipulate or mislead a person involved in the conduct of

the audit; or  amount to an attempt, by any person, to otherwise interfere with the proper conduct of the audit.26

Going concern 2.27 An entity's financial reports are prepared on the assumption that the entity is a going concern; that is, that the entity will continue its operation for the foreseeable future. Australian Accounting Standards require that, when

preparing financial statements, management must make an assessment of the entity's ability to continue as a going concern. If management is aware of any material uncertainties related to events or conditions that may cast significant doubt on the entity's ability to continue as a going concern, then management must disclose those uncertainties.27

2.28 Auditing Standard ASA 570 Going Concern (ASA 570) deals with an auditor's responsibilities in the audit of an entity's financial report relating to going concern and the associated implications for the auditor's report. ASA 570 requires that auditors evaluate and conclude, based on the audit evidence obtained, the appropriateness of management's assessment of the entity's ability to continue as a going concern.28

Key Audit Matters 2.29 In December 2016, auditors' responsibilities were expanded under the ASAs with the introduction of the requirement that an auditor communicate key audit matters in the auditor's report. Auditing Standard ASA 701

Communicating Key Audit Matters in the Independent Auditor’s Report (ASA 701) addresses the auditor's judgement as to what to communicate in the auditor's report as well as the form and content of such information. ASA 701 explains:

The purpose of communicating key audit matters is to enhance the communicative value of the auditor's report by providing greater

25 The auditor does not have to report to ASIC if the contravention is not a significant one and the

auditor believes that the contravention has been or will be adequately dealt with by commenting on it in the auditor's report or bringing it to the attention of the entity's directors. See Corporations Act 2001, subpara. 311(1)(b)(ii).

26 Corporations Act 2001, ss. 311(1).

27 See Australian Accounting Standard AASB 101 Presentation of Financial Statements, paras. 25-26.

28 See Auditing Standard ASA 570 Going Concern, paras. 6-7.

21

transparency about the audit that was performed. Communicating key audit matters provides additional information to intended users of the financial report ('intended users') to assist them in understanding those matters that, in the auditor's professional judgement, were of most significance in the audit of the financial report of the current period.29

Auditor independence requirements 2.30 Auditor independence is fundamental to performing a high quality audit and, in turn, to enhancing users' confidence and trust in a company's financial report. Auditor independence comprises two elements, independence of mind

and independence in appearance. As explained by the Australian National Audit Office, these dimensions of independence refer to:

…a state of mind where professional judgment is not compromised by bias, conflict of interest or undue influence. An auditor must be independent, and be seen to be independent, for their opinions, findings, conclusions, judgements and recommendations to be impartial and viewed as impartial by reasonable and informed third parties.30

2.31 The independence of an auditor may be impaired by a number of factors and situations that result in a conflict of interest. These include the provision of non-audit services to an audited entity, long-standing associations between an auditor and audited entity, and the existence of certain relationships that are considered non-independent.

2.32 The last significant reforms to auditor independence requirements in Australia were introduced by the Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (commonly called CLERP 9). CLERP 9 implemented a number of obligations for auditors under the financial reporting provisions of the Corporations Act aimed at strengthening auditors' capacity to act independently and to exercise objective and impartial judgment when conducting an audit.

Independence provisions under the Corporations Act 2.33 The Corporations Act contains general auditor independence requirements for dealing with conflict of interest situations, as well as specific requirements relating to relationships between auditors and the entities they audit.31

2.34 Under the general auditor independence requirements of the Corporations Act, an auditor contravenes the independence provisions if:

29 Auditing Standard ASA 701, Communicating Key Audit Matters in the Independent Auditor’s Report,

para. 2.

30 Australian National Audit Office, Submission 45, p. 5. See also Australian Auditing and Assurance

Standards Board, Submission 22, p. 4.

31 APRA's Prudential Standards also contain independence requirements that are largely consistent

with the independence requirements under the Corporations Act.

22

 they engage in audit activity in relation to an audited body at a particular time; and  a 'conflict of interest situation' existed in relation to the audited body at that time; and  they are aware that the conflict of interest situation existed at that time; and  they did not, as soon as possible after becoming aware, take all reasonable

steps to ensure that the conflict of interest situation ceased to exist.32

2.35 A conflict of interest situation is defined under the Corporations Act as:

(1) For the purposes of sections 324CA, 324CB and 324CC, a conflict of interest situation exists in relation to an audited body at a particular time if, because of circumstances that exist at that time:

(a) the auditor, or a professional member of the audit team, is not capable of exercising objective and impartial judgment in relation to the conduct of the audit of the audited body; or

(b) a reasonable person, with full knowledge of all relevant facts and circumstances, would conclude that the auditor, or a professional member of the audit team, is not capable of exercising objective and impartial judgment in relation to the conduct of the audit of the audited body.33

2.36 In other words, the definition in the Corporations Act sets out three elements to a conflict of interest situation. Firstly, it focuses attention not only on the position of the auditor, but also on the position of each professional member of the audit team. The reason for doing so is that a conflict of interest situation affects the capacity to exercise objective and impartial judgement, and therefore applies to everyone in the audit team who exercises professional judgement or influences the outcome of the audit.34 Secondly, the central question is whether the person concerned is capable of exercising objective and impartial judgement in relation to the conduct of the audit. And thirdly, the objective and impartial judgement requirement is to be assessed by reference not only to the actual situation of the person concerned, but also from the perspective of a reasonable person.

2.37 The statutory provisions dealing with the general requirement for auditor independence create contraventions and criminal offences for an individual auditor, an audit company and its directors, and members of an audit firm.35

2.38 In addition to the general independence requirements, the Corporations Act includes a non-exhaustive list of relationships (broadly categorised as

32 Corporations Act 2001, s. 324CA, s. 324CB and s. 324CC.

33 Corporations Act 2001, ss. 324CD(1).

34 Corporations Act 2001, ss. 324CD(2).

35 Corporations Act, sections 324CA, 324CB and 324CC. The maximum penalty for a breach of these

sections is six months imprisonment.

23

employment relationships and financial relationships) that are treated as non-independent and therefore explicitly prohibited.36

2.39 There are also specific provisions related to the disclosure of an auditor's independence. An auditor must provide a written declaration of independence to the directors of the audited entity. The declaration, which is included in the Director's Report, states that to the best of the auditor's knowledge or belief, there have been no contraventions of the auditor independence requirements under the Corporations Act or applicable code of professional conduct.37

2.40 To limit threats to auditor independence through familiarity with an audited entity, the Corporations Act also imposes strict auditor rotation requirements. Specifically, an auditor (or in the case of an audit firm or audit company, a person appointed as lead or review auditor) who has 'played a significant role' in the audit of a listed entity is prohibited from leading an audit or review of the company for more than five consecutive, or more than five out of seven successive, financial years.38 In other words, a 'cooling-off period' of at least two years is required.

2.41 In addition, the Corporations Act mandates a two-year waiting period before a former partner of an audit firm (or director of an audit company) can take up certain positions with the audited entity.39 Further, there is a mandatory five-year waiting period before any more than one former audit partner (or director) may become an officer of the audited body.40

Transparency reporting 2.42 Auditors that perform audits on ten or more significant entities, including listed entities and authorised deposit-taking institutions, are required under the Corporations Act to publish an annual Transparency Report.41 The

Transparency Report discloses information relating to an auditor's independence practices, including an audit firm's system of quality control for audits and reviews of financial reports and other financial information and

36 Corporations Act 2001, s. 324CE, s. 324CF, s. 324CG and ss. 324CH(1).

37 Corporations Act 2001, s. 307C.

38 Corporations Act 2001, s. 324DA.

39 Corporations Act 2001, s. 324CI and s. 324CJ.

40 Corporations Act 2001, s. 324CK. If the audited body is a listed entity, the relevant mandatory

two-year and five-year waiting periods extend to becoming and officer of a related body corporate of the audited body.

41 Corporations Act 2001, s. 332A. The requirement to produce a transparency report was introduced

into the Corporations Act by the Corporations Legislation Amendment (Audit Enhancement) Act 2012.

24

other assurance engagements, as required by the auditing standards (see below).42

Australian Auditing Standards 2.43 Australian Auditing Standards of particular relevance to auditor independence include:

 ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements (ASQC 1)—which contains specific requirements applicable to audit firms with regard to managing independence, including that audit firms must have policies and procedures designed to provide it with reasonable assurance that the firm and its staff maintain independence.

 ASA 220 Quality Control for an Audit of a Financial Report and Other Historical Financial Information (ASA 220)—which requires the engagement partner to form a conclusion on compliance with independence requirements that apply to the audit engagement, as well as the specific steps the partner must take in reaching this conclusion. 43

APESB Code of Ethics 2.44 Supplementary to the provisions of the Corporations Act, extensive independence requirements for auditors are also contained in the APESB's APES 110 Code of Ethics and apply to all audits conducted in accordance with

the ASAs (see paragraph 2.16). As noted earlier, the Code of Ethics is legally enforceable because ASA 102 essentially incorporates APES 110 to give it legal effect.44

2.45 Similar to the auditing standards issued by the AUASB, the Code of Ethics is based on the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants (IESBA). The APESB recently issued a restructured Code of Ethics, effective from 1 January 2020, to ensure the pronouncement meets global best practice.

42 See Auditing Standard ASQC 1, Quality Control for Firms that Perform Audits and Reviews of Financial

Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements, May 2017.

43 An 'engagement partner' is defined by the AUASB as the partner or other person in the firm who

is responsible for the engagement and its performance, and for the report that is issued on behalf of the firm, and who, where required, has the appropriate authority from a professional, legal or regulatory body.

44 Auditing Standard ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews

and Other Assurance Engagements; see also Accounting Professional and Ethical Standards Board, APES 110 Code of Ethics for Professional Accountants (including Independence Standards), para 1.5.

25

2.46 Unlike the prescriptive requirements relating to auditor independence under the Corporations Act, the Code of Ethics framework is largely principles-based, and requires auditors to apply professional judgement when assessing professional or ethical issues that may arise in performing the audit function. However, the Code of Ethics also contains specific provisions to address key threats to auditor independence, including where an auditor wants or is requested to provide non-audit services to an audit client, whether other assurance or non-assurance services.

2.47 For example, in relation to the provision of non-audit services to a public interest entity Public Interest Entity, the Code of Ethics explicitly prohibits the provision of other assurance services that would involve the auditor assuming management responsibilities or that have a material impact on the financial statements of the audited entity. In particular, the following assurance services cannot be provided to an audited entity:

 Performing accounting and bookkeeping services.  Serving as general counsel.  Promoting, dealing in, or underwriting client's shares.  Negotiating for the client.  Recruiting directors/officers or senior management who would have

significant influence over financial statements.45

2.48 The Code of Ethics largely reflects the Corporations Act requirements with regard to audit partner rotation requirements, including imposing a 'cooling-off period'. However, to ensure alignment with the international standards issued by the IESBA, the cooling-off period for engagement partners of listed or APRA-regulated entities has recently increased under the Code of Ethics to three years, and will increase to five years from 31 December 2023.46

2.49 Additional independence requirements for auditors apply with respect to the provision of insolvency services. The Code of Ethics prohibits a firm from providing audit and insolvency services to the same client. Under the Code, a firm must refuse to perform, or must withdraw from, the audit engagement if a partner or employee of the firm were to serve as an officer (including management of an administration) of an audit client. This requirement is an Australian specific prohibition that has been in force since March 1998.47

45 Accounting Professional and Ethical Standards Board, Submission 42, p. 5.

46 See Accounting Professional and Ethical Standards Board, Audit Partner rotation requirements in

Australia Technical Staff Questions and Answers, December 2017, https://www.apesb.org.au/uploads/home/06042018143737_APESB_Audit_Partner_Rotation_Austr alia_Q&As_Dec_2017.pdf (accessed 4 February 2020).

47 Accounting Professional and Ethical Standards Board, Supplementary submission 42.1, p. 1.

26

2.50 Further, the APESB has a standard on insolvency services, APES 330 Insolvency Services (APES 330). According to the APESB, the 'independence requirements in APES 330 will effectively prohibit most circumstances of firms providing insolvency services for an individual or entity that is a client of a bank in circumstances where that bank is also an audit client of the firm'.48

48 Accounting Professional and Ethical Standards Board, Supplementary submission 42.1, p. 2.

27

Chapter 3

Audit quality in Australia

3.1 For regulatory purposes, the Australian Securities and Investments Commission (ASIC) defines audit quality as matters that contribute to the likelihood that the auditor of a financial report will:

(a) achieve the fundamental objective of obtaining reasonable assurance that the financial report as a whole is free from material misstatement; and (b) ensure material deficiencies detected are addressed or communicated through the audit report.1

3.2 ASIC notes that this includes 'appropriately challenging key accounting estimates and treatments that can materially affect the reported financial position and results'.2

3.3 As pointed to in Chapter 1, audit quality has been a matter of continuing concern to regulators and to this committee for a number of years. Discussion regarding audit quality in Australia has emanated primarily from successive findings of ASIC's audit inspection program, which show an apparent ongoing deterioration in audit quality (see Table 1.1).

3.4 With regard to its audit inspection program for the 12 months to 30 June 2019, ASIC found that in 26 per cent of the total 207 key audit areas reviewed across 58 audit files, auditors did not obtain reasonable assurance that the financial report as a whole was free of material misstatement. The corresponding figure for the 18 months to 30 June 2018 was 24 per cent across 347 key audit areas.3

3.5 Adverse findings from ASIC's audit file reviews mainly relate to the adequacy of firms' audits of asset values and revenue recognition.4 Common deficiencies raised across ASIC's audit inspection reports include that auditors did not:

 obtain sufficient and appropriate audit evidence;  exercise sufficient professional scepticism (particularly in relation to the impairment of non-financial assets); or  appropriately use the work of experts and other auditors.5

1 Australian Securities and Investments Commission, Submission 16, p. 1. See also Australian

National Audit Office, Submission 45, p. 3.

2 Australian Securities and Investments Commission, Submission 16, p. 1.

3 Australian Securities and Investments Commission, Report 648—Audit inspection report for 2018-19,

December 2019, pp. 4 and 11.

4 Australian Securities and Investments Commission, Submission 16, p. 6.

5 See, for example, Report 607—Audit inspection report for 2017-18, January 2019; Report 648—Audit

inspection report for 2018-19, December 2019.

28

3.6 ASIC's latest inspection report found that 'auditors need to improve audit quality and the consistency of audit execution', and 'the continuing overall level of findings needs to be addressed'.6

3.7 The remainder of this chapter will examine matters relevant to the state of audit quality in Australia including: stakeholder perceptions on audit quality, particularly relating to ASIC's audit inspection findings; suggestions for improvement to ASIC's audit inspection approach; the importance of professional scepticism in audit and associated complexities as they relate to the valuation and impairment of non-financial assets; and the integral role that management and directors play in contributing to audit quality. Threats to auditor independence, as a key contributor to audit quality, are discussed in Chapter 4.

Perceptions on audit quality in Australia 3.8 Notwithstanding the findings of ASIC's audit inspection program, stakeholder perceptions suggest that, while there are opportunities for improvement, overall, the quality of audit in Australia is of a high standard.

3.9 In February 2018, the Financial Reporting Council (FRC) developed the FRC Audit Quality Action Plan which aims to continually improve audit quality by working with stakeholders to identify and understand issues and to undertake appropriate actions. In line with the objectives of the action plan, the FRC, in conjunction with the Australian Auditing and Assurance Standards Board (AUASB), conducted a survey of Audit Committee Chairs of ASX top 300-listed companies to gather their perspectives on audit quality in Australia. The survey found that 92 per cent of Audit Committee Chairs described their overall view of their external auditor as 'above average' or 'excellent'.7

3.10 While in broad agreement that ASIC's audit inspection findings continue to indicate that improvements in audit quality are needed, the FRC reiterated its overall view on audit quality based on the findings its action plan to date as reported in its 2018-19 Annual Report; namely that:

Nothing has come to the FRC's attention from the other evidence to date from user surveys and targeted consultations that indicates external audits are not, overall, continuing to assist in maintaining trust and confidence in financial reports.8

6 Australian Securities and Investments Commission, Report 648—Audit inspection report for 2018-19,

December 2019, pp. 13 and 20.

7 Financial Reporting Council, Audit quality in Australia: The perspective of Audit Committee Chairs,

September 2018, p. 5.

8 Financial Reporting Council, Submission 24, p. 3. See also Financial Reporting Council, Annual

Report 2018-19, p. 19.

29

3.11 While the Group of 100 (G100) supported the FRC's objectives of continually improving audit quality, it nonetheless 'believes anecdotally that the audit quality experienced by Australian corporates is fundamentally of a very high standard'.9

3.12 Similarly, the Australian Institute of Company Directors (AICD) submitted that, in response to consultation on the inquiry's terms of reference, 'on the whole, AICD members were of the view that the audit system is working well'. AICD further submitted that 'listed company directors reported a high degree of confidence in audit quality'.10

3.13 The Australian Professional and Ethical Standards Board (APESB) highlighted findings from the 2019 Australian Investor Confidence Survey undertaken by Chartered Accountants Australia and New Zealand (CA ANZ). That survey found that 87 per cent of retail investors are confident about the quality of audited financial information released by publicly listed Australian companies, citing reasons related to the involvement of an independent auditor.11 Based on this finding, the APESB contented that 'it is evident that the market perceives that most audits are performed well and in accordance with relevant standards'.12

3.14 Mr Tony Johnson, Chief Executive Officer and Managing Partner, Oceania, EY, was of the firm view that, while there are areas for improvement, 'there is no substantial and sustained problem with audit quality and regulation of audit in Australia'. 13

3.15 Deloitte expressed the view that:

Australia continues to have effective, efficient and reliable audit services of good quality. At the same time, we acknowledge that audit in Australia can and should continually seek to evolve and improve.14

3.16 Similarly, Mr Andrew Yates, National Managing Partner, KPMG, assured the committee that, in general:

…the capital markets in Australia are strong, and aligned with that I think the state of audit quality in Australia is strong. There are, no doubt, things that need to be improved, and we are working hard to improve those. We

9 Group of 100, Submission 35, p. 4.

10 Australian Institute of Company Directors, Submission 66, p. 5.

11 See Chartered Accountants Australia and New Zealand, 2019 Australian Investor Confidence Survey,

September 2019, pp. 3 and 8.

12 Australian Professional and Ethical Standards Board, Submission 42, p. 7.

13 Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, Committee

Hansard, 9 December 2019, p. 29.

14 Deloitte, Submission 28, p. 3. See also Mr Tom Imbesi, Chairman, Deloitte Australia, Committee

Hansard, 9 December 2019, p. 45.

30

can talk about those as we go through this session. There are also things that we should be talking about in terms of what different stakeholders expect from an external audit and how the current standards actually determine what an audit does. So I think overall the audit quality in Australia is relatively strong.15

3.17 Professor Allan Fels AO expressed a more subdued view on the state of audit quality in Australia, submitting that 'audit quality here and in major jurisdictions overseas is not bad', but 'there is, however, room for improvement, and no clear trend in the right direction'. 16

3.18 Mr Grant Heir, Auditor-General of the Australian National Audit Office (ANAO), noted that there is not any evidence that the audit work outsourced by the ANAO to external audit firms is of a lesser quality than that carried out internally by the agency:

You have to remember that we are the signing officer, and the signing officer and the audit manager take responsibility for managing the contracted audit. There isn't any evidence that we have that the level of engagement required in our outsourced audit by that review process is any greater than what we do for our internal processes. So there's nothing in what we do, and in any of the quality work that we do, which would lead us to our view that the quality of our outsourced work, in terms of the final audit outcome and the processes underpinning it, is any different from the internal work.17

3.19 PricewaterhouseCoopers (PwC) pointed to the level of material changes required to net assets and profits of public interest entities as a result of ASIC's financial reporting surveillance program as an indication that the quality of auditing in Australia is generally of a high standard. Industry wide, ASIC has consistently found that four to five per cent of accounts reviewed require a material change, which is comparable to other major jurisdictions.18

3.20 Elaborating on this point, PwC noted that a lot of the work undertaken by auditors to improve the disclosures ultimately made in companies' financial reports goes unseen:

It is difficult to entirely capture the day to day reality of a complex and challenging audit. For example, there are many cases where a company makes adjustments to its financial statements, or clarifies or enhances disclosures, before they’re published, as a result of the audit process. For example, in 2018, PwC audits of listed companies identified, on average,

15 Mr Andrew Yates, National Managing Partner, Audit, Assurance and Risk Consulting, KPMG,

Committee Hansard, 9 December 2019, p. 64.

16 Professor Allan Fels AO, Submission 43, p. 5.

17 Mr Grant Hehir, Auditor-General, Australian National Audit Office, Committee Hansard,

29 November 2019, p. 11.

18 PwC, Submission 27, pp. 3 and 14. See also Australian Securities and Investments Commission,

Submission 16, p. 6.

31

six potential adjustments per audit and ensured their appropriate treatment prior to finalisation of the company's statements. The market only sees a clean set of financial statements and an unqualified audit opinion, but there is often a lot of work behind the scenes by the auditor with the client to achieve this outcome.19

3.21 Mazars also reflected on the 'unseen' work of auditors in considering the state of audit quality in Australia:

Our professional experience is that auditors contribute to a significant improvement in the quality of financial reporting as compared to an expectation of what would be produced without auditors reviewing the information before release to markets and regulators. Unfortunately, this activity happens quietly and behind closed doors and is subject to the principle of confidentiality which is at the heart of our profession. Accordingly, information regarding the number and value of pre-release adjustments identified and resolved by auditors is difficult to obtain.20

3.22 Industry stakeholders also drew the committee's attention to the potential benefit that a partnership structure, under which the Big Four firms continue to operate, can have with regard to driving audit quality. For instance, Mr Matt Graham, Managing Partner, Assurance, PwC, stated that maintaining a partnership structure is seen to be for the public good as auditors are unable to 'hide behind the corporate veil of limited liability'. Mr Graham further remarked:

The fact that partners had joint and several, unlimited liability in a firm was seen as something that would improve audit quality. I can certainly say that, in the culture of our firm, the fact that we're in business together as partners and have that joint and several liability creates a culture where you're not just looking after yourself when you're making decisions about prioritisation of resources and investment in quality; you're doing it because not only are you looking after your fellow partner, you actually have joint and several liability with them. So there's an element of self-interest in the broader partnership piece as well.21

ASIC's audit inspection program—Process and limitations 3.23 ASIC's audit firm inspections are conducted on an ongoing basis throughout each year. Inspections include the review of key audit areas in files for selected audit engagements conducted by the largest six firms by market capitalisation.

Typically, three to four key audit areas are covered in the review of each audit file, and these audit areas remain broadly consistent across inspections. ASIC provides feedback to audit firms following each file review, with firms given

19 PwC, Submission 27, p. 14.

20 Mazars, Submission 50, p. 12. See also BDO Australia, Submission 31, p. 4.

21 Mr Matt Graham, Managing Partner, Assurance, PwC, Committee Hansard, 9 December 2019, p. 82.

See also Mr Tom Imbesi, Chairman, Deloitte Australia, Committee Hansard, 9 December 2019, p. 57.

32

the opportunity to challenge or undertake remedial action to address preliminary findings. 22

3.24 As explained by ASIC, individual audit file reviews concentrate on the substance of audit work conducted and whether sufficient appropriate audit evidence was obtained to support the auditor's opinion. In carrying out audit file reviews, ASIC applies the presumption that if audit work is not documented, and in the absence of evidence to the contrary, then that work has not been performed. ASIC publicly reports a summary of the findings and observations from its audit inspection program, setting out the areas it considers auditors should focus on to improve audit quality.23 ASIC's latest audit inspection report, covering audit file reviews for the 12 months to 30 June 2019, was released in December 2019.

3.25 The audit engagements and key audit areas reviewed under ASIC's audit inspection program are selected using a risk-based approach. Unavoidably, this approach means that some of the more complex, demanding and challenging audits are selected for review, as well as some more significant and higher risk areas of the financial reports. ASIC readily acknowledges that, due to the risk-based methodology used, the results of its audit inspection program may not be indicative of the entire audited population of listed and unlisted entities. Indeed, ASIC advises in its Audit inspection report for 2018-19 that 'great caution is needed in generalising the results across the entire market' and also, that 'purely random reviews could result in a different level of findings'.24

3.26 The AUASB agreed with ASIC's assessment that its inspection results cannot be generalised across audit firms, also observing that 'in any one review period, ASIC perform a small number of detailed inspections relative to the number of listed entity audits a firm conducts'.25

3.27 The committee questioned ASIC as to whether it had considered conducting random sampling for its audit inspection process, rather than risk-based approach currently used, in order to provide better insight into the state of audit quality industry-wide. ASIC Commissioner, Mr John Price, responded:

The short answer is: yes, we have given some thought to random samples. I suppose there are a couple of issues there. First of all, we are custodians of taxpayers' money, so is it a better use taxpayers' money to focus on areas

22 Australian Securities and Investments Commission, Submission 16, pp. 17-19.

23 Australian Securities and Investments Commission, Submission 16, pp. 17-19.

24 Australian Securities and Investments Commission, Report 648—Audit inspection report for 2018-19,

December 2019, p. 10. See also Australian Securities and Investments Commission, Submission 16, p. 6; Mr John Price, Commissioner, Australian Securities and Investments Commission, Committee Hansard, 19 November 2019, p. 3.

25 Australian Auditing and Assurance Standards Board, Submission 22, p. 12.

33

where we think there are problems or on a purely random sample? The other issue is—we did do some work around what would be required to generate a statistically significant population so as to have a greater level of confidence in our findings, and the figures actually required a very, very large number of audit files to be—26

3.28 Mr Douglas Niven, Senior Executive Leader, Financial Reporting and Audit at ASIC, explained that ASIC would need to inspect a random sample of 660 audit files to obtain a confidence level of 95 per cent (that is, no more than five per cent misstatement). This represents a substantial increase on the number reviewed under its present risk-based approach.27

3.29 Further clarifying the approach used in undertaking its audit inspection program, ASIC noted that audits necessarily involve the application of professional judgement, which is subjective. As such, there are some instances where different individuals will reach different judgements on whether the audit work performed is sufficient. 28 ASIC elaborated:

We are open to the possibility that we do not have all the facts, that there may be differing views on the requirements of auditing standards, or differing judgements. We have extensive due process with the firms and within ASIC to address any such concerns and ensure that findings do not include matters where, for example, reasonable professionals could differ in their views.29

3.30 A number of inquiry participants, including ASIC itself, pointed out that where an ASIC audit file review identifies a matter that does not meet the required standard, this does not necessarily mean the audited financial report was materially misstated. ASIC clarified:

Rather, in our view, the auditor did not have a sufficient basis to support their opinion on the financial report. In these cases, there is a risk that the financial report was materially misstated, and that investors or other users were not properly informed when making decisions based on that report.30

3.31 Reflecting further on this point, the AUASB noted that an adverse finding from ASIC's audit inspection program can result from:

 deficient audit application;

26 Mr John Price, Commissioner, Australian Securities and Investments Commission, Committee

Hansard, 19 November 2019, pp. 3-4.

27 Mr Douglas Niven, Senior Executive Leader, Financial Reporting and Audit, Australian Securities

and Investments Commission, Committee Hansard, 19 November 2019, p. 4.

28 Australian Securities and Investments Commission, Submission 16, p. 17. See also Australian

Securities and Investments Commission, Report 648—Audit inspection report for 2018-19, December 2019, p. 10.

29 Australian Securities and Investments Commission, Submission 16, pp. 17-18.

30 Australian Securities and Investments Commission, Submission 16, p. 6.

34

 a difference in professional judgements made by the auditor when compared to the ASIC inspector; or  a difference in interpretation of the Auditing Standards made by the auditor when compared to the ASIC inspector.31

Enhancements to ASIC's audit inspection program 3.32 ASIC's audit inspection findings are an important and, arguably, the best available measure of audit quality in Australia. That said, as part of its enhanced approach to supervision being adopted agency-wide, 32 ASIC has

committed to implementing a number of new initiatives to promote improvements in audit quality and its measurement. Some of these initiatives, (outlined below) have already been implemented. ASIC anticipates that work in relation to the remainder the initiatives will be commenced or completed during the 2019-20 financial year.

3.33 To enhance the transparency of its audit inspection program, ASIC published individual percentage findings from its audit file reviews at each of the Big Four firms in its latest audit inspection report. ASIC had previously only published aggregate percentage findings.33 Individual firm's findings for the 12 months to 30 June 2019 and 18 months to 30 June 2018 are replicated in Table 3.1.

Table 3.1 Adverse findings from reviews of key audit areas in audit files at the largest four audit firms

Audit firm 12 months to

30 June 2019

18 months to 30 June 2018

Deloitte 32% 32%

EY 22% 22%

KPMG 33% 21%

PwC 18% 12%

Source: ASIC, Report 648—Audit inspection report for 2018-19, p. 7.

3.34 ASIC has also sought to promote audit quality by publishing a broader range of audit quality measures and indicators (Report 649—Audit quality measures,

31 Australian Auditing and Assurance Standards Board, Submission 22, p. 12. See also Professor Ken

Trotman, Submission 56, p. 5.

32 See Mr John Price, Commissioner, Australian Securities and Investments Commission, ASIC’s

strategic focus and key priorities over the next year: Improving conduct and restoring trust, https://asic.gov.au/about-asic/news-centre/speeches/asic-s-strategic-focus-and-key-priorities-over-the-next-year-improving-conduct-and-restoring-trust/ (accessed 22 January 2019).

33 See, for example, Report 607—Audit inspection report for 2017-18, January 2019, p. 10.

35

indicators and other information: 2018-19) supplementary to its audit inspection reports. In describing this initiative, ASIC cautioned that, while the broadened measures will assist in assessing audit quality, 'audit quality cannot be reliably reduced to a single figure or formula'.34 The expanded measures and indicators are relevant to the committee's recommendation in its statutory oversight report of the 45th Parliament (see paragraph 1.38).

3.35 Other new initiatives being undertaken to enhance ASIC's audit inspection program include:

 an audit firm governance review looking at governance, culture, talent, conflicts of interest and accountability for audit quality at the largest six audit firms;

 reviews of the effectiveness of the root cause analysis and subsequent action conducted by audit firms on adverse findings from ASIC's inspection and surveillance programs; and,

 in light of the recommendations made by the FRC in its Auditor Disciplinary Processes: Review,35 a review of ASIC's criteria for acting on auditor enforcement and the types of outcomes sought, including the referral of matters to the Companies Auditors Disciplinary Board.36

Stakeholder views on ASIC's audit inspection approach 3.36 The majority of inquiry participants, particularly the Big Four firms, were broadly supportive of ASIC's audit inspection program and the continued efforts to implement improved audit quality measures and indicators.

3.37 For example, KPMG believes ASIC's inspection process provides valuable insights to improve the quality of its audits, and commended ASIC for its 'continued willingness to engage with the profession about ways in which the audit inspection program can be improved'.37

3.38 Similarly, Deloitte submitted that it benefits from the 'extensive dialogue' with ASIC during and as a result of the audit inspection process. Deloitte further stated:

We believe that the inspection process serves an important role in improving audit quality, and we value the insights it brings to both entities and the audit profession.38

3.39 The committee also heard from Mr Tom Imbesi, Chairman of Deloitte Australia, that ASIC's audit inspection results have provided a valuable data

34 Australian Securities and Investments Commission, Submission 16, p. 8.

35 See Financial Reporting Council, Auditor Disciplinary Processes: Review, March 2019, pp. 7 and 20.

36 Australian Securities and Investments Commission, Submission 16, pp. 7-8.

37 KPMG, Submission 26, pp. 6-7.

38 Deloitte, Submission 28, p. 21.

36

point for the firm to draw on when looking at how to improve and enhance its audit methodology:

It's one input. We also have our own desire to increase and improve audit quality. We have our own programs in place, our own training in place. We have a global methodology that's continually enhanced and refined. The input of ASIC, along with other regulators around the world, helps us to continuously refine and improve our methodology, so it is valuable to us.39

3.40 EY supported ASIC's work to identify and report on a broader range of audit quality indicators, expressing the view that this will provide a more balanced analysis and support ongoing confidence in financial markets.40 EY also reflected on the audit profession's response to ASIC's audit inspection regime, submitting:

…we believe the market has responded well to ASIC's regulatory involvement by undertaking root-cause assessments and making substantial changes to audit processes because of the regulator’s actions.41

3.41 The AUASB noted the value that measuring a wider range of audit quality indicators will provide in terms of facilitating more informed discussion about the purpose and importance of audit. However, the AUASB encouraged further consideration as to the right indicators of audit quality as well as the role of the FRC in reporting these, given its mandate to provide strategic advice on audit quality.42

3.42 Notwithstanding the overarching support highlighted above, some submitters and witnesses observed that the risk-based approach used by ASIC, as well as the manner in which audit inspection findings are reported, may result in a distorted view of audit quality.

3.43 The G100, for instance, noted:

…due to the limited amount of information regarding the findings, it is difficult to assess to what extent negative findings were from larger, systemically more 'risky' audits or smaller companies, or where lack of 'a basis to support their evidence' indicates a lack of proper documentation and evidence—as ASIC notes, 'ASIC's findings do not necessarily mean that the financial reports audited were materially misstated'.43

39 Mr Tom Imbesi, Chairman, Deloitte Australia, Committee Hansard, 9 December 2019, p. 62.

40 EY, Submission 29, p. 8.

41 EY, Submission 29, p. 16.

42 Australian Auditing and Assurance Standards Board, Submission 22, p. 11. See also Professor

Roger Simnett, Chair, Australian Auditing and Assurance Standards Board, Committee Hansard, 29 November 2019, p. 32.

43 Group of 100, Submission 35, p. 4.

37

3.44 Demonstrating this point, Mr Jamie Gatt, Managing Partner, Audit and Assurance, Deloitte, noted that of the 44 key audit areas reviewed by ASIC in the firm's audit files for the 18 months to June 2018, ASIC was of the view that for 14 of those areas, there was not sufficient appropriate audit evidence to support the auditor's opinion. This resulted in a 32 per cent finding rate. Mr Gatt continued:

And I think it's important to note that whilst our score was 32 per cent none of the files that were looked at in the inspection needed to be restated. In fact, in the two previous inspections, which covered an additional 25 files, none of those required restatement either.44

3.45 Further indicating how ASIC's inspection findings may give a misleading impression of the state of audit quality, PwC explained that, for the 12 per cent of cases where ASIC identified concerns with PwC audits for the 18 months to June 2018, 'there were no instances where the related financial statements required a subsequent restatement to market'.45

3.46 Pitcher Partners also remarked on the risk-based approach used to select audit engagements and files for review, submitting that the final outcome of ASIC's audit inspection program is distorted 'by announcing results based on a skewed sample'.46 Additionally, Pitcher Partners observed:

…ASIC reviews focus on specific areas rather than standing in the shoes of the auditor, whom is required to provide an opinion on the financial statements as a whole. This is often done in relation to specific areas of judgement and with the benefit of hindsight, with some reviewers spending more time on these areas than the audit team are able to spend on the entire audit.47

Suggestions for improvement 3.47 The committee heard a number of suggestions for improvement to ASIC's audit inspection approach. In particular, inquiry participants suggested that ASIC should adopt a system whereby its audit inspection findings are graded

on the basis of severity. Additionally, some stakeholders supported the adoption of more balanced reporting on audit inspection findings as well as publication of individual firm inspection reports on ASIC's website.

Grading the severity of inspection findings 3.48 Submitters and witnesses advocated for a system whereby reported inspection findings are graded on the basis of severity or significance. Doing so, inquiry

44 Mr Jamie Gatt, Managing Partner, Audit and Assurance, Deloitte Australia, Committee Hansard,

9 December 2019, p. 46.

45 PwC, Submission 27, p. 16.

46 Pitcher Partners, Submission 40, [p. 6].

47 Pitcher Partners, Submission 40, [p. 6].

38

participants argued, would provide stakeholders with greater confidence in the quality of audit and better information on which to base their financial decisions.48

3.49 The Bentleys Network submitted that while it finds the audit inspection process to be quite robust and detailed, it believes that ASIC's findings are not clearly understood by the broader community or accurately reflected by the media. The Bentleys Network attributed such misunderstandings to differences in professional judgements over what constitutes sufficient audit evidence and proposed that 'it would be beneficial if these were clearly reported as such, rather than as an adverse finding'.49

3.50 KPMG shared a similar view:

We suggest a system of 'grading' or rating be introduced in order to help the public interpret ASIC's findings. This should help shareholders distinguish between findings that indicate an audit opinion may be unsupported and other, less significant findings such as areas for improvement in documented audit evidence.

The current system used by ASIC can result in inspection findings that vary markedly in terms of significance being presented as like-for-like. Formally stratifying or grading the significance of ASIC’s findings would help provide more clarity to all stakeholders.50

3.51 Likewise, EY argued that applying a severity assessment to audit inspection results would facilitate greater confidence in audit quality through enhanced transparency and understanding of ASIC's findings.51

3.52 Representing CA ANZ, Mr Amir Mostafa Ghandar, Leader, Reporting and Assurance, called for more clarity and transparency around the factors that constitute ASIC's audit inspection findings. On this point, CA ANZ recommended that ASIC develop a 'three-grade severity scale' for audit inspection findings. 52

3.53 Professor Ken Trotman described the deficiency rate (that is, total percentage of adverse findings) reported by ASIC as being 'very uninformative', arguing deficiencies found through the audit inspection process 'should be clearly

48 See, for example, Deloitte, Submission 28, p. 21; PwC, Submission 27, p. 16; Pitcher Partners,

Submission 40, [p. 4]; Institute of Public Accountants—Deakin SME Research Centre, Submission 64, p. 9.

49 Bentleys Network, Submission 9, p. 2.

50 KPMG, Submission 26, p. 7.

51 EY, Submission 29, p. 16. See also Mr Chris George, Professional Practice Director, Oceania, EY,

Committee Hansard, 9 December 2019, p. 31.

52 Mr Amir Mostafa Ghandar, Leader, Reporting and Assurance, Chartered Accountants Australia

and New Zealand, Committee Hansard, 29 November 2019, p. 64. See also Chartered Accountants Australia and New Zealand, Supplementary Submission 2.1, p. 2.

39

described including the nature and extent of these deficiencies'. Further advocating for such an approach, Professor Trotman submitted:

It is much more likely that the deficiencies can be addressed by the audit firm if there is more transparency about the type of deficiencies, whether it is an omission or an alternative view on what is appropriate evidence, and where the inspectors disagree.53

Adoption of more balanced reporting 3.54 Some inquiry participants suggested that ASIC adopt a more balanced assessment framework whereby positive findings, such as above average performance or improved audit procedures, are reported as well as audit

deficiencies.

3.55 For example, Professor Trotman observed that by pointing only to audit deficiencies, the current assessment framework employed by ASIC emphasises penalties rather than rewards.54 Professor Trotman argued that stakeholders need to be aware of positive findings:

There is an opportunity for ASIC to more fully inform investors on audit quality. Capital markets should be given a more balanced assessment that describes both the positive and negative findings…The report could also include an update on new improvements made by the audit firms. The market needs to be aware of these enhancements and whether the policies are continuing to work effectively. Examples of innovative audit procedures and best practice also could be acknowledged so that firms are rewarded for these actions. ASIC has considerable data on the root cause analysis of the deficiencies reported and providing researchers with access to unidentifiable data would likely lead to insights to improve audit quality.55

3.56 Similarly, PwC encouraged ASIC to report on the audit firm's perspectives on inspection findings as well as the firm's action plans to address identified deficiencies. PwC expressed the view that reporting on the firm's commitment to continuous improvement would provide stakeholders with better information to draw conclusions.56

3.57 Arguing in support of the need for more balanced audit inspection reporting, Professor Robyn Moroney noted research findings that audit regulation via ASIC's current inspection framework may have a detrimental impact on auditor commitment and turnover intentions. Professor Moroney explained:

53 Professor Ken Trotman, Submission 56, p. 4. See also Professor Ken Trotman, Private capacity,

Committee Hansard, 29 November 2019, pp. 52-53.

54 Professor Ken Trotman, Submission 56, p. 3. See also Professor Ken Trotman, Private capacity,

Committee Hansard, 29 November 2019, p. 52.

55 Professor Ken Trotman, Submission 56, pp. 4-5.

56 PwC, Submission 27, p. 16.

40

We found that auditors are sensitive to the language used by regulators when reporting the outcomes of their inspections and the way that their firms respond by increasing their use of checklists to demonstrate compliance with standards to appease regulators. We reported our findings to the regulator, highlighting that it wasn’t their (negative) findings that had a detrimental effect on auditor commitment and turnover intentions but rather auditors reacted to the tone used when delivering their message. We reported to firms that their staff would prefer that their audit process not become more prescriptive, particularly if regulator was to use a conciliatory tone. Commitment and turnover are important as firms are keen to retain their highly skilled staff to ensure their capacity to deliver high-quality audits.57

Publication of individual firm inspection reports 3.58 Another suggestion put forward to improve ASIC's audit inspection program is the publication of individual audit firm inspection reports. For instance, of the view that greater transparency is needed to give more insight into the

quality offered by the audit sector in Australia, KPMG encouraged:

…the mandatory publication of individual audit firm inspection reports on the ASIC website to provide important context to the percentage finding. This would bring Australia in line with other jurisdictions including the UK and US.58

3.59 Currently, ASIC's published audit inspection reports present an aggregate summary of the observations and findings identified during the relevant review period. However, the committee notes that during the course of the inquiry, each of the largest six audit firms voluntarily published their firm's individual ASIC audit inspection reports for 2018-19.

3.60 On this point, Mr Graham explained that PwC chose to publish its individual audit inspection report in the interest of transparency and building trust in the audit process:

What we were trying to do there was create balance. The transparency piece is that there has only ever been one statistic around one conversation and that has been for the whole market. We think transparency drives accountability. It is an unforgiving discipline. We put our own ASIC inspection findings to the market back in May in the full knowledge that frankly, because of the sample sizes and because the bar continues to rise, quite rightly, and because ASIC keeps looking at risky areas of risky audits, those numbers will be volatile. They will move up and down. But by being more transparent about them we hope that continues to build trust in the process so people can understand it more.59

57 Professor Robyn Moroney, Submission 59, [p. 3].

58 KPMG, Submission 26, p. 8.

59 Mr Matt Graham, Managing Partner, Assurance, PwC, Committee Hansard, 9 December 2019, p. 93.

41

Professional scepticism 3.61 Professional scepticism is a cornerstone of the professional judgement an auditor must apply in obtaining sufficient audit evidence to support their opinion on the integrity of a financial report. That is to say, exercising an

appropriate level of professional scepticism is fundamental to the critical assessment of audit evidence and, therefore, essential to achieving a high-quality audit.

3.62 Australian Auditing Standards (ASAs) define professional scepticism as:

…an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.60

3.63 In line with international standards, ASAs explicitly require that auditors plan and perform an audit with professional scepticism, recognising that circumstances may exist which cause the financial report to be materially misstated. ASAs also recognise that professional scepticism includes questioning contradictory audit evidence and the reliability of documents, responses to enquiries and other information obtained from management and those charged with governance.61

3.64 AICD concisely summarised the important role that professional scepticism should play in the relationship between auditors and a company's directors and management:

Good auditors act as thought leaders and a strong relationship with an auditor and judicious use of their professional scepticism assists directors in their supervision of management.62

Valuation and impairment of non-financial assets 3.65 Successive ASIC audit inspection reports have criticised audit firms for failing to exercise appropriate professional scepticism relating to the valuation and impairment of intangibles and other non-financial assets. In this regard, ASIC

specifically stated in its submission:

We are concerned that some auditors may not apply enough professional scepticism and sufficiently challenge management estimates.63

3.66 Several inquiry participants sought to highlight the complexities faced by the preparers of financial reports and, in turn, by the auditors of those financial reports with regard to the valuation and impairment of non-financial assets.

60 Auditing Standard ASA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit

in Accordance with Australian Auditing Standards, para. Aus 13.2(l).

61 Auditing Standard ASA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit

in Accordance with Australian Auditing Standards, paras. 15 and A22.

62 Australian Institute of Company Directors, Submission 66, p. 4.

63 Australian Securities and Investments Commission, Submission 16, p. 11.

42

The challenges facing auditors in this respect are increasing alongside the changing business environment in which they operate. As touched on in Chapter 1, companies are expanding and operating on an increasingly diverse and global scale. Changing business models have resulted in financial statements that include balances requiring greater professional judgement and estimation (including of future revenues and expenses), which is subject to uncertainty and considerable differences in opinion.

3.67 The AUASB neatly described the challenge of auditing non-financial asset valuations and impairments:

Accounting estimates, including the valuation and impairment of assets such as intangibles, are often highly complex, involving high levels of professional judgement. The estimates are often based on complex models that involve forecasting and assumptions about future business performance and events. As a result, the auditing of estimates is very challenging, as it is more difficult to gather sufficient and appropriate evidence for matters that have not yet occurred.64

3.68 Professor James Guthrie also characterised how audit relating to non-financial assets has changed the nature and complexity of audit processes over time:

…These organisations are huge. There are millions or tens of millions of transactions a day. So the financial complexity is there, for sure. In terms of the accounting now, a lot of the accounting is not based on what I would be happy to call the cash system; it's based on estimates and ideas about what could be. It's about the future and making estimates and putting numbers on it, so it's so much more complex now compared to the good old sixties.65

3.69 The non-financial asset valuation and impairment outcomes disclosed in financial reports are generally the product of numerous inputs and assumptions for which there are limited observable data points or that rely on considerable estimation. Small changes in these variables can result in significant variations in outcomes.66 Pitcher Partners highlighted how these conditions affect auditors' assessments in these areas:

In forming conclusions and auditing these judgement areas, auditors are required to settle on a single outcome as disclosed in the financial statements. However, these disclosed outcomes are the products of a wide variety of inputs, with varying values of themselves, together with predictions about future events.

Decision Science identifies that good decision-making processes do not guarantee successful outcomes. Where the financial statements turn out to be incorrect, auditors are often presumed to have failed to have exercised

64 Australian Auditing and Assurance Standards Board, Submission 22, p. 14.

65 Professor James Guthrie AM, Distinguished Professor, Accounting, Macquarie Business School,

Macquarie University, Committee Hansard, 29 November 2019, p. 29.

66 Mazars, Submission 50, p. 12; Pitcher Partners, Submission 40, [p. 4].

43

sufficient scepticism if any of the range of variables considered would have resulted in an outcome less favourable than the one disclosed.67

3.70 PwC similarly noted that auditors' work relating to non-financial assets involves the assessment of cash flows that are expected to be generated by the asset in the future. PwC elaborated that the forward looking nature of such assessments 'involve considerable judgement in a range of matters and thus are inherently complex, and will be reviewed by audit inspectors and others at a later date with the benefit of hindsight'.68

3.71 The Australasian Council of Auditors General (ACAG) pointed out that the sufficiency and appropriateness of evidence to support judgements and estimations concerning non-financial assets varies considerably. Consequently, ACAG noted that auditors require 'appropriate skill and expertise, in order to apply an appropriate level of knowledge, professional judgement and scepticism in the audit process'.69

3.72 Both the Australian standard-setting bodies, the Australian Accounting Standards Board (AASB) and AUASB, have recognised the need for improvement in the area of valuation and impairment of non-financial assets, including intangibles. In this respect, the AASB noted that the International Accounting Standards Board (IASB) is presently undertaking a limited review of the standard applying to the impairment of assets, but the AASB is pressing the IASB to undertake a more fundamental review.70

3.73 In addition, the AUASB released a revised version of Auditing Standard ASA 540 Auditing Accounting Estimates and Related Disclosures (ASA 540) in December 2018, which is operative for financial reporting periods commencing on or after 15 December 2019. The AUASB advised that it is 'currently developing implementation support for auditors and working with the Professional Accounting Bodies on educative initiatives to support auditors in the implementation of ASA 540'.71

The role of management and directors 3.74 A common theme raised during the inquiry was the role of management and directors in supporting and contributing to audit quality. As underscored by several inquiry participants, audit quality does not exist in isolation. Rather, it

is part of a financial reporting supply chain that involves interactions between

67 Pitcher Partners, Submission 40, [p. 4].

68 PwC, Submission 27, p. 16.

69 Australasian Council of Auditors General, Submission 48, p. 4.

70 Australian Accounting Standards Board, Submission 32, pp. 1-2.

71 Australian Auditing and Assurance Standards Board, Submission 22, pp. 14-15.

44

a company's management, its governance (such as audit committees), auditors, the users of financial statements, and regulators.

3.75 Deloitte characterised these components as making up the 'financial reporting ecosystem' (Figure 3.1), with all parties having key roles to play and external audit providing 'a critical link between entities that prepare financial reports and the users who rely on them'.72

Figure 3.1 Financial reporting ecosystem

Source: Deloitte, Submission 28, p. 14.

3.76 While acknowledging that auditors have the primary responsibility for audit quality, submitters and witnesses expressed the strong view that improving audit quality requires collective action by stakeholders in the financial reporting chain.73 This is because, as aptly put by Professor Stephen Taylor, audit quality is 'inexorably linked to the rules that govern financial reporting'.74 In other words, audit quality and financial reporting quality are not mutually exclusive, and auditing standards alone are not sufficient to achieve high-quality audits.

3.77 ASIC emphasised this connection:

Audit quality supports financial reporting quality, which in turn enhances market confidence in a company's reported financial position and results. It is therefore in the interests of directors and audit committees to support the audit process. 75

3.78 Likewise, Professor Trotman told the committee that 'the quality of audit depends on the interaction between auditors and many other stakeholders in

72 Deloitte, Submission 28, p. 13.

73 See, for example, Financial Reporting Council, Submission 24, p. 3; EY, Submission 29, p. 2;

Australian Auditing and Assurance Standards Board, Submission 22, p. 1-2; IAASB-IESBA, Submission 18, p. 4; Australian Securities and Investments Commission, Submission 16, p. 1.

74 Professor Stephen Taylor, Submission 47, [p. 8].

75 Australian Securities and Investments Commission, Submission 16, p. 3.

45

the financial reporting process', and characterised audit committees as playing a critical role in enhancing audit quality.76

3.79 That view was supported by EY, who stated that 'an effective financial reporting chain sees directors, audit committees and management supporting quality audits through the production of quality financial reports'.77

3.80 Likewise, BDO Australia (BDO) asserted that responsibility for the preparation of financial reports that comply with accounting standards and that present a true and fair view of a company's financial position and performance rests with the directors. BDO expanded on this view:

If the financial statements that are prepared and provided to audit better comply with the Corporations Act and Accounting Standards disclosure requirements the audit can be conducted in a more effective manner. This will allow audit to focus its efforts on key audit matters and areas of greater importance, rather than spending large amounts of time dealing with routine disclosure issues.78

3.81 The ANAO pointed out that a company's management and those charged with its governance acknowledge certain responsibilities in preparing the financial report and importantly, that the audit of the financial report does not relieve them of those responsibilities.79

3.82 AICD echoed this point, underlining that directors' obligations and duties include assuming primary responsibility and accountability for the quality of financial reporting by the entities they govern. AICD added:

In fulfilling this accountability, directors should have sufficient financial literacy to understand and assess financial statements, be able to challenge and test the accounting treatments and judgements applied by management and oversee the entity’s financial reporting processes.

As ASIC emphasises, a company must have its own systems and processes to produce high quality financial reports. Directors must not rely on the auditor when forming their own opinion of the financial report, as this would undermine the objective of independent assurance.80

76 Professor Ken Trotman, Private capacity, Committee Hansard, 29 November 2019, p. 52.

77 EY, Submission 29, p. 2.

78 BDO Australia, Submission 31, p. 4.

79 Australian National Audit Office, Submission 45, p. 2. See also Australian Securities and

Investments Commission, Submission 16, p. 3.

80 Australian Institute of Company Directors, Submission 66, p. 2. See also ASIC, Information Sheet 196:

Audit quality-The role of directors and audit committees, June 2017, https://asic.gov.au/regulatory-resources/financial-reporting-and-audit/auditors/audit-quality-the-role-of-directors-and-audit-committees/ (accessed 24 January 2019).

46

General-purpose and special-purpose financial statements 3.83 In conjunction with the views expressed above about the 'inexorable' links between the rules governing financial reporting and audit quality, the committee received evidence about the paucity of information contained in

Special-Purpose Financial Statements (SPFSs) as opposed to General-Purpose Financial Statements (GPFSs).

3.84 SPFSs can be lodged with ASIC to satisfy legislative reporting requirements, rather than more detailed GPFSs. Current Australian Accounting Standards allow entities that do not classify themselves as 'reporting entities' to utilise SPFSs. The current test to determine which entities can produce SPFSs is a subjective test, not an objective test based on assets and revenue. The test is based on whether users are dependent on financial statements and whether they can acquire the information they require.81

3.85 ASIC noted that certain information not contained in SPFSs would be useful for users. This includes information on consolidation, financial instruments and related party transactions. 82

3.86 The AASB indicated that the basis for preparing SPFSs varies significantly, compromising both their quality and comparability.83 The IPA-Deakin SME Research Centre noted that some academic research has questioned the quality of information provided in SPFSs.84

3.87 The committee heard varying views on how common SPFSs are. Adjunct Professor Michael West and Mr Jeffrey Knapp suggested that the preparation of SPFSs is a common practice by large multinational companies.85 Professor Peter Wells suggested that some firms were inappropriately using SPFSs.86 That said, EY observed that in the past two years, a significant numbers of its clients have moved from special-purpose to general-purpose financial statements.87

3.88 Professor Stephen Taylor indicated that, in his view, progress is being made on resolving the issues associated with SPFSs:

81 Mr Douglas Niven, Senior Executive Leader, Financial Reporting and Audit, Australian Securities

and Investments Commission, Committee Hansard, 19 November 2019, p. 12.

82 Mr Douglas Niven, Senior Executive Leader, Financial Reporting and Audit, Australian Securities

and Investments Commission, Committee Hansard, 19 November 2019, p. 12.

83 Australian Accounting Standards Board, Submission 32, p. 9.

84 IPA-Deakin SME Research Centre, Submission 64, p. 6.

85 Adjunct Professor Michael West, Submission 8, [pp. 2, 6 and 11]; Mr Jeffrey Knapp, Submission 79,

p. 1. See also Mr Jeffrey Knapp, Private capacity, Committee Hansard, 29 November 2019, p. 69.

86 Professor Peter Wells, Private capacity, Committee Hansard, 7 February 2020, pp. 10-11.

87 Mr Chris George, Professional Practice Director, Oceania, EY, Committee Hansard,

9 December 2019, p. 33.

47

The special purpose financial reports clearly have a long history in Australia. I think that at the moment the progress towards removing them is as fast as it could possibly occur. I think there is a clear path laid out for achieving that. We are heading towards a situation where special purpose financial reports, in the way they currently operate, largely will not. I think that is something that is being addressed and it is being addressed as well as it probably could be.88

3.89 The AASB is undertaking work to align Australian standards with the IASB's Revised Conceptual Framework to limit the ability of entities to self-assess that they are not a 'reporting entity' and thereby elect to use SPFSs.89 The AASB indicated that it:

…started consulting in August this year on its revised proposals to prohibit for-profit large proprietary companies, small foreign controlled companies and unlisted public companies from preparing special-purpose financial statements. We are proposing they prepare general-purpose financial statements, whether tier 1 full financial statements or tier 2 with simplified disclosure requirements. Submissions close on 30 November, with a proposed effective date of 30 June 2021.90

3.90 EY, Deloitte, KPMG and PwC all indicated they support the proposed changes.91

Committee view

The role and importance of auditing 3.91 The market allocation of capital to productive companies is fundamentally important to growth in a capitalist economy. Adequate information is vital for markets to function efficiently. In particular, investors require accurate,

relevant, and comparable information to make decisions. The financial reports of listed companies are a primary source of financial information on which investment decisions are made.

3.92 It is evident, therefore, that investors—both large and small—are the key users of audited financial statements. In considering the regulatory framework for auditing, the committee has considered the needs of the users rather than just the needs of the preparers and auditors of financial statements. Getting this

88 Professor Stephen Taylor, Private capacity, Committee Hansard, 7 February 2020, p. 10.

89 Australian Accounting Standards Board, Submission 32, p. 9.

90 Ms Kris Peach, Chair and Chief Executive Officer, Australian Accounting Standards Board,

Committee Hansard, 29 November 2019, p. 32.

91 Mr Chris George, Professional Practice Director, Oceania, EY, Committee Hansard,

9 December 2019, p. 33; Mr Jamie Gatt, Managing Partner, Audit and Assurance, Deloitte Australia, Committee Hansard, 9 December 2019, p. 53; Mr Bernie, Szentirmay, National Head of Audit Quality, KPMG, Committee Hansard, 9 December 2019, p. 70; Ms Jan McCahey, Public Policy Leader, PwC, Committee Hansard, 9 December 2019, p. 83.

48

balance right also requires consideration of the costs and benefits of trying to reduce the scope and scale of errors in the system.

3.93 Responsibility for the accuracy of a company's financial reports lies, in the first instance, with a company's management and board of directors. In other words, good business practice and governance is critical. The committee is in no doubt that company boards play a vital role in ensuring that companies, and their financial statements, are honest and transparent.

3.94 Having said that, the committee acknowledges that, on occasion, company management and boards of directors fail in their duties. Either they are less than diligent, or more rarely, part of the company's management sets out to deliberately mislead with respect to the company's financial position.

3.95 It is important, therefore, that the integrity of the financial statements of listed companies is subject to external professional scrutiny. Rigor is achieved by ensuring that the scrutiny and testing is carried out by suitably independent and sceptical actors. In Australia, external audit provides an independent opinion on the integrity of the information contained in a company's financial report. Specifically, an auditor's opinion provides reasonable assurance as to whether a company's financial report complies, in all material respects, with relevant legislation and standards and gives a true and fair view of the company's financial operations. In sum, given important investment decisions are based on annual financial statements, auditing plays a critical role in ensuring the trust in the financial system and is a crucial part of the warning system that informs investors and other stakeholders.

3.96 In light of the above, the committee is mindful that the external audit function is part of a supply chain, and that the role of the auditor exists in the context of a broader system that includes management and directors. As such, the committee appreciates that any changes to the regulation of auditing may have consequences for other parts of the financial reporting system. Likewise, suggestions for improving the quality of financial reporting will have positive spin-offs, including a likely improvement in the usefulness of the audited financial statements.

3.97 In this regard, the committee notes concerns about the longstanding and sometimes inappropriate use of SPFSs, and the resultant decrease in disclosure and transparency. The committee considers that full and appropriate disclosure and transparency are of paramount importance to the users of financial statements. The committee therefore welcomes both the apparent reported reduction in the use of SPFSs and the AASB process to remove the loophole that effectively enables entities to elect to use SPFSs. The committee believes that the AASB process should address the transparency concerns.

49

Genesis of the inquiry and committee approach 3.98 The regulation of auditing and issues pertaining to audit quality are global issues. Some of the impetus for this inquiry derived from comments to this committee over a number of years by former ASIC Chairman, Mr Greg

Medcraft. Mr Medcraft expressed his frustration and disappointment at what he saw as both unacceptably poor audit quality in Australia, and an apparent ongoing deterioration in audit quality. Further, Mr Medcraft made public statements to the effect that poor audit quality increased the risk that the type of malfeasance and corporate collapse typified by Enron might currently pass undetected by auditors in Australia.

3.99 Beyond these shores, audit quality is also a matter of intense focus and inquiry. In the UK, for example, three major reviews have been commissioned to inquire into, and make recommendations on, various aspects of auditing in the wake of the Carillion collapse.

3.100 While the reference by the Senate directed the committee to inquire into, and report on, the regulation of auditing in Australia, the committee acknowledges the broader international context to the debate about audit quality and the scope of potential solutions. With this in mind, at the first public hearing on 19 November 2019, the Chair set out his approach to the inquiry and requested that witnesses address the following questions:

(1) What is the evidence that the practice of auditing in this country is flawed? (2) Are those flaws isolated or are they systemic? (3) If those problems are systemic, what is driving them? (4) What policy solutions are available to the government to address them?

(a) What are the costs and benefits of those solutions? (b) If those solutions have been implemented elsewhere in the world, how did they work? (c) If they are entirely new, what justifies this novel approach?

(5) It may be the case that the evidence base of a current problem of auditing in Australia is limited, but there is very good reason to believe it would be a bigger problem in the future. If that is the case, can you clarify why you believe that is so?

Audit quality and ASIC's audit inspection reporting 3.101 In accordance with the approach set out above, a primary source of evidence about audit quality may be gleaned from the ASIC audit inspection reports that have been conducted by the regulator in Australia since the CLERP 9

reforms were introduced. Taken on their face, these reports paint a rather gloomy picture of audit quality in Australia.

50

3.102 Given that ASIC's audit inspection reports are a primary source of evidence about audit quality, it is prudent to examine the nature of the inspection reports themselves. ASIC has been clear about the nature and limitations of its inspection program and the caveats that should be borne in mind when interpreting the results. First and foremost, ASIC uses a risk-based sampling approach when selecting audit files for review. This means ASIC is targeting the more complex, demanding and challenging audits as well as the more significant and higher risk areas of financial reports. This inevitably biases the sample towards higher risk audit files that require a greater degree of professional expertise and judgment and, as such, may result in differences in interpretation and opinion. In turn, as ASIC itself points out, this means that great caution should be exercised in trying to extrapolate the results of ASIC's audit inspections from those higher risk audit files to the wider audited population.

3.103 On the other hand, the committee expects that both the audit firm and the audit client would, as a matter of due diligence and reputational risk, ensure that only the most experienced audit partners were allocated to the most complex and inherently risky audit files requiring the greatest professional judgment.

3.104 In short, there does not appear to be any way of quantifying the extent to which ASIC's risk-based inspection program may or may not provide a broad and reasonably robust indication of the overall state of audit quality in Australia.

3.105 While some witnesses expressed fears and some anecdotal evidence was presented during the course of the inquiry, the committee did not receive concrete empirical evidence of systemic issues with audit quality in Australia. That said, several stakeholders proposed improvements to the ASIC audit inspection program to improve its useability and, in turn, help drive improvements to audit quality. One of the key pieces of feedback received was the suggestion that ASIC improve the transparency and utility of its inspection program by grading the findings in its reports according to their severity or significance. Currently, ASIC presents more serious findings such as an unsupported audit opinion, as equivalent to other less significant findings, such as the need to better document audit evidence.

3.106 Similarly, the committee notes that audits necessarily involve the application of professional judgement. One of the more complex areas requiring professional judgment is the auditing of non-financial asset valuations and impairments. Auditing future estimates is challenging because it is more difficult to gather sufficient and appropriate evidence for matters that have not yet occurred, or if underlying assumptions or conditions change. Different individuals may reach different judgements on whether the audit work

51

performed is sufficient. In such circumstances, an adverse finding from ASIC's audit inspection program could arise because of a difference in either:

 the professional judgements made by the auditor when compared to the ASIC inspector; or  the interpretation of the Auditing Standards made by the auditor when compared to the ASIC inspector.

3.107 The subjective nature of these professional judgments lends weight to the argument that ASIC's inspection reports should clarify the basis on which findings of particular audit deficiencies are made.

3.108 Given the inherent complexity and challenges applying to the impairment of assets, the committee encourages the AASB to continue to press the IASB to undertake a fundamental review of the standard applying to the impairment of assets.

3.109 Another area of potential confusion regarding the ASIC audit inspection program relates to the extent to which ASIC finds a material misstatement in the financial statements that requires change. Evidence to the committee indicates that ASIC's financial reporting surveillance program has consistently found that four to five per cent of accounts reviewed require a material change. This is comparable to other major jurisdictions.

3.110 Several stakeholders also encouraged ASIC to publish individual firm inspection reports on the ASIC website. In this regard, the committee notes that, at varying stages during 2019, the Big Four accounting firms, BDO and Grant Thornton published their previously confidential individual ASIC inspection reports on their own websites.

3.111 Noting the above, the committee acknowledges that ASIC is working to enhance its audit inspection program. The committee welcomes ASIC's introduction of additional indicators of audit quality and encourages ASIC to continue to refine these indicators as they are monitored over time. The committee considers that measuring and monitoring the right indicators will provide further insights about audit quality and facilitate a more informed discussion about the purpose and value of audit.

3.112 In light of the above, the committee considers that ASIC should continually review its methodology with the aim of producing reports of greater sophistication and clarity. This would necessarily involve taking into account the subjective nature of some of the professional judgments made by both auditors and the ASIC inspectors.

3.113 The committee is also of the view that, having due regard to the need for greater nuance, the results of ASIC's individual audit inspections should be made publicly available on ASIC's website.

52

Recommendation 1

3.114 The committee recommends that ASIC:

 formally review the manner in which it publically reports the periodic findings of its audit inspection program, giving appropriate consideration to approaches used internationally; and

 based on this review, develop and implement, by the end of the 2020-21 reporting period for its audit inspection program, a revised framework for reporting inspection findings, with a focus on the transparency and relative severity of identified audit deficiencies.

Recommendation 2

3.115 The committee recommends that the Australian Government introduce, by the end of the 2020-21 financial year, through appropriate legislation, a requirement that ASIC publish all future individual audit firm inspection reports on its website once ASIC has adopted a revised reporting framework referred to in Recommendation 1.

3.116 Noting the above recommendations, the committee encourages ASIC to maintain a focus on reviewing the effectiveness of the root cause analysis and subsequent action conducted by audit firms on adverse findings from ASIC's inspection and surveillance programs. The committee expects that the root cause analysis undertaken by the audit firms to rigorously address some of the persistent and more troubling findings of ASIC's inspection program. These findings include a failure by some auditors to apply enough professional scepticism and sufficiently challenge management estimates. The committee considers this process to be an important component of a positive feedback loop between the regulator and the auditors leading to actionable outcomes.

53

Chapter 4

Threats to auditor independence

4.1 Academic literature suggests that matters that affect an auditor's ability to achieve their fundamental objective—that is, to obtain reasonable assurance that the financial report as a whole is free from material misstatement— comprises two characteristics; auditor competence and auditor independence. In other words, the quality of an audit is a function of these key attributes.1

4.2 As summarised by Emeritus Professor Keith Houghton and Professor Christine Jubb:

These two characteristics cannot be substituted for each other; that is you cannot have more of one to make up for less of another. They are both necessary conditions for the existence of the value of an audit. These two characteristics are: (1) that the audit must be 'competent' and (2) that the audit be 'independent'. These two characteristics must both be present for an audit to be of value in the market for information.2

4.3 On this point, Professor Ken Trotman drew attention to the trade-off between auditor competence and auditor independence that threats to audit quality provide:

For example, long-term tenure threatens independence but increases client and industry knowledge. Also, some audit non-services broaden the audit evidence base with a positive effect on confidence.3

4.4 Professor Stephen Taylor also discussed the above model of audit quality, explaining that competence refers to an auditor's ability to appropriately identify problems, while independence is the auditor's determination to take the most appropriate action in dealing with such problems. Professor Taylor contended that 'defining audit quality in this way has the advantage of requiring that criticisms of audit quality must reflect deficiencies in one or both of the two components'.4

4.5 Much of the public commentary and debate around audit quality in recent years has centred on conflicts of interest—either actual or perceived—that poses a threat to auditor independence, the second key component of audit quality. In particular, conflicts of interest which have been persistently raised

1 See Professor Stephen Taylor, Submission 47, [p. 3]; Emeritus Professor Keith Houghton and

Professor Christine Jubb, Submission 63, [pp. 3-4].

2 Emeritus Professor Keith Houghton and Professor Christine Jubb, Submission 63, [p. 3].

3 Professor Ken Trotman, Private capacity, Committee Hansard, 29 November 2019, p. 52.

4 Professor Stephen Taylor, Submission 47, [p. 3].

54

as potentially compromising auditor independence, and which may thereby negatively impact audit quality, include the:

 provision of non-audit services to the audited entity; and  perceived closeness of the auditor with the audited entity, particularly that arising through long association.

4.6 Australia's audit independence requirements, as detailed in Chapter 2, are set out in the Corporations Act 2001 (Corporations Act), Australian Auditing Standards, and the APES 110 Code of Ethics for Professional Accountants (including Independence Standards) (Code of Ethics), all of which have the force of law. This comprehensive legislative and regulatory framework recognises that auditor independence is fundamental to achieving a high-quality audit as it enables the auditor to be impartial in making professional judgements.

4.7 Auditors are legally required to be independent from the entities they audit. They must ensure that they are independent of mind and of appearance, both acting and being seen to act with integrity, objectivity and professional scepticism. In other words, auditors must be mindful, not only of actual conflicts of interest, but also of the perception of conflicts of interest.5

4.8 In its submission to the inquiry, the Australian Professional and Ethical Standards Board (APESB) noted that it is not aware of any empirical evidence to suggest that there are significant weaknesses with its pronouncements, and expressed the firm view that the existing professional and ethical standards that apply in Australia represent global best practice.6

4.9 Indeed, the APESB argued that its suite of professional and ethical standards applicable across various audit and non-audit services is replicated in very few jurisdictions worldwide. Elaborating on this point, the APESB submitted:

APESB has, at times, implemented reforms that may not have suited the commercial interests of accounting firms. For example, in 2010, APESB prohibited the provision of bookkeeping services and some tax services to audit clients that are Public Interest Entities (PIEs). Australia led the way with this prohibition, which has now been recognised as global best practice and included in the International Code of Ethics.7

4.10 Further comparing current Australian regulation to that in other jurisdictions, the APESB contended that the Australian professional standards framework, which is applicable at the audit firm level and in respect of various professional services, 'is a global leader and is only replicated in a handful of

5 See Australian Securities and Investments Commission, Submission 16, p. 9.

6 Australian Professional and Ethical Standards Board, Submission 42, pp. 2 and 8.

7 Australian Professional and Ethical Standards Board, Submission 42, p. 4.

55

jurisdictions which does not include the UK'.8 On this point, the APESB took the view that:

…the existing standards framework in Australia on specific professional services is more comprehensive than the UK, where the professional and ethical standards focus mainly on the provision of audit services. Therefore, some of the proposals [put forward in recent UK reviews] may not be relevant or cannot be directly implemented without due consideration of the existing co-regulatory framework in Australia.9

4.11 The remainder of this chapter will examine in turn the two main issues persistently identified as threats to auditor independence; that is, the provision of non-audit services and perceived closeness of the auditor with the audited entity. Potential solutions considered internationally or proposed by stakeholders to each of these threats will also be discussed.

Provision of non-audit services to audited entities 4.12 As noted in Chapter 1, the increasing complexity of the business environment has not only resulted in a more complex audit environment, but has also driven corporate demand for a range of other assurance and non-assurance

services. Audit firms, particularly those that comprise the 'Big Four', have expanded their service offering to meet this demand. A substantial part of large audit firms' business is now dedicated to the provision of services, such as advisory or consulting services, to entities they audit and other entities. Non-audit services performed by an external auditor can also include certain reviews required under the Australian Prudential Regulation Authority (APRA) prudential framework.

4.13 There are broadly two types of non-audit services that can be provided by an auditor to an entity they audit; namely, those that are related to and complementary to the audit (known as audit-related services), and those not related or complementary to the audit. As explained by the Australian Auditing and Assurance Standards Board (AUASB), services that are not related or complementary to the audit do not rely on any synergies in knowledge between the auditor and audited entity, whereas audit-related services require a deep understanding of the business and its systems of internal control.10

4.14 Since the corporate collapses and accounting scandals associated with Enron and WorldCom in the early 2000s, ongoing concern has been expressed regarding the provision of non-audit services and whether such services impair an auditor's independence. Such concern has largely been caused by

8 Australian Professional and Ethical Standards Board, Submission 42, p. 7.

9 Australian Professional and Ethical Standards Board, Submission 42, p. 11.

10 Australian Auditing and Assurance Standards Board, Submission 22, p. 5.

56

perceptions that financial incentives associated with delivering both audit and non-audit services to the same client may impact on an auditor's application of sufficient and appropriate professional scepticism.

4.15 Reflecting on this issue, the Australian Shareholders' Association submitted:

The Enron/Arthur Anderson story highlighted the dangers of 'moral seduction' and 'capture' of audit firms by poor corporate culture. The ensuing collapse of Arthur Anderson and Big Four divestment of consulting practices underlined the market's need to trust audit firms' output. That the Big Four have subsequently developed new consulting practices and added more service lines such as legal and media advisory on top leaves ongoing doubt as to independence…11

4.16 Professor Allan Fels AO succinctly defined the conflict of interest that the provision of non-audit services is perceived to pose to an auditor's independence:

It's a simple conflict of interest. Someone is tasked with providing an independent, error-free audit of a big business; it's a very important role. If that auditor is also performing services for the person they're auditing, there may be a conflict of interest—they may be compromised—because they want to continue providing those profitable services, and that could be threatened with unfavourable audits.12

4.17 Professor Sandra van der Laan and Dr Steven Townsend described the apparent financial incentive resulting from the provision of both audit and non-audit services to a corporate entity as 'economic bonding':

In the case of NAS [non-audit services], economic bonding is argued to result if an auditor becomes financially dependent on both audit fees and NAS provided to the same client. This may act as an inducement for an auditor to concede to management demands.13

4.18 Representatives of the Big Four also noted that recent public commentary has suggested the largest audit firms use audit work as a loss leader in order to win more profitable non-audit consultancy and advisory work and, moreover, that this is done at the expense of focusing on the provision of high quality audits14 (discussed in subsequent section on 'assertions that audit is a loss leader').

4.19 Indeed, reflecting on such commentary in his submission, Professor James Guthrie contended:

11 Australian Shareholders' Association, Submission 46, [p. 4].

12 Professor Allan Fels AO, Private Capacity, Committee Hansard, 29 November 2019, p. 2.

13 Professor Sandra van der Laan and Dr Steven Townsend, Submission 65, [p. 3].

14 See, for example, PwC, Submission 27, pp. 4 and 8; Deloitte, Submission 28, p. 5; EY, Submission 29,

p. 6.

57

…the Big 4 auditors have incentives to overlook risks in a financial statement audit because it may limit their ability to sell, usually higher-margin, non-audit work to audit clients. This is a cultural issue within these partnerships.15

Restrictions and requirements 4.20 The restrictions set out in the Corporations Act as well as regulatory and professional standards collectively seek to help identify and minimise potential risks posed to auditor independence through circumstances where a

firm provides both audit and non-audit services to the same client. In particular, the legislative and standards framework aims to protect against threats to independence that involve an auditor acting in a management capacity or engaging in work that has a material effect on the financial statements of the audited entity.

4.21 Importantly, the restrictions in place limit the threat of an auditor being in a position whereby they audit their own work (commonly referred to as a self-review threat). For example, an auditor must not provide professional advice on the valuation of a company's assets where such valuations are used in the company's financial statements.

4.22 As previously noted, the Code of Ethics issued by the APESB prohibits the provision of certain non-audit services by auditors of Public Interest Entities (PIEs) to their audit clients (see paragraph 2.47), and certain material non-audit services for all audited entities. The Corporations Act also requires that an auditor provide a written declaration that their work is compatible with the independence requirements under the Act. This declaration, which is included in the Director's Report, includes a statement that the auditor is satisfied that any non-audit work undertaken is compatible with the auditor independence requirements.16

4.23 In addition to the above non-audit services related requirements, Australian Accounting Standard AASB 1054 Australian Additional Disclosures (AASB 1054) mandates that entities required to prepare financial reports under the Corporations Act disclose separately in their financial statements total fees paid to the auditor for audit and all other services performed during the reporting period. AASB 1054 also requires disclosure of the nature of all other services provided. These fee disclosures are additional to those required by international accounting standards.17

15 Professor James Guthrie AM, Submission 39, p. 2. See also Professor James Guthrie AM,

Distinguished Professor, Accounting, Macquarie Business School, Macquarie University, Committee Hansard, 29 November 2019, p. 25.

16 Corporations Act 2001, s. 307C.

17 Australian Accounting Standard AASB 1054 Australian Additional Disclosures, paras. 10-11. See also

Australian Accounting Standards Board, Submission 32, pp. 6-7.

58

Are non-audit services an issue? 4.24 From a regulatory perspective, the Australian Securities and Investments Commission (ASIC) noted that, as part of its audit inspection and financial reporting surveillance programs, it had identified some concerns, albeit a small

number, relating to the provision of non-audit services. Specifically, in regard to the 18 months to 30 June 2018, ASIC submitted that it had:

 identified three cases where it considered the provision of non-audit services was not consistent with auditor independence requirements, including where a firm's experts were treated as both the auditor's and the company management's experts; and

 sought an explanation from six audit committees as to how they were satisfied that the auditor's independence was not compromised by the size and nature of non-audit fees.18

4.25 While cognisant of the increased focus on ensuring the provision of non-audit services does not compromise independence, submitters and witnesses were of the broad view that the existing legislative and regulatory framework is effectively managing threats to auditor independence posed in this regard.19

4.26 For example, KPMG contended that the regulatory rules and systems relating to the provision of non-audit services to an audited entity are extensive and, in its view, effective in safeguarding auditor independence.20

4.27 Likewise, Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, described Australia's current regulatory framework as 'rigorous', and stated that 'EY is confident that Australia's strong independence legislation is effectively managing conflicts of interest, including the provision of non-audit services to audit clients'.21

4.28 The Group of 100 (G100) noted that the reputation and integrity of audit firms is fundamental to their ongoing success. Therefore, individual staff and partners of firms are highly aware of their responsibilities with regard to auditor independence. The G100 continued:

It is our contention that these reputations and future incomes (across all aspects of a firm's business), which would be severely damaged or destroyed by proven conflicts-of-interest leading to malign outcomes or to work being deliberately performed not in accordance with regulatory

18 Australian Securities and Investments Commission, Submission 16, p. 9.

19 See, for example, KPMG, Submission 26; Australian Professional and Ethical Standards Board,

Submission 42; Mazars, Submission 50; Australian Institute of Company Directors; Submission 66.

20 KPMG, Submission 26, p. 3. See also Mr Andrew Yates, National Managing Partner, Audit,

Assurance and Risk Consulting, KPMG, Committee Hansard, 9 December 2019, p. 73.

21 Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, Committee

Hansard, 9 December 2019, p. 16.

59

standards, would not be put at risk because of any conflict of interest between auditing and consulting (or other) services.22

4.29 In support of that view, Mr Gary Lennon, Group Chief Financial Officer at National Australia Bank (NAB), reflected on his professional experience of dealing with EY, who has been the external auditor for the NAB Group since 31 January 2005:

But it's certainly my experience with EY—and I've had near-on 30 years dealing with auditors—is that they're highly professional. They work in global organisations. In my experience, they are independent, because they

realise how critical that is. Every time they form a view and write a report, in the end it is their view and their report and they stand 100 per cent behind it. That's been my experience.23

4.30 Industry stakeholders also drew attention to the fact that audit firms, as well as the companies they provide services to, typically have their own internal policies and systems in place to manage conflicts of interest and threats auditor to independence, including the provision of non-audit services. Further, some stakeholders stressed that such policies and systems meet and, in many cases, exceed regulatory and professional requirements.

4.31 For example, Mrs Jody Burton, Chief Risk Officer at Deloitte, told the committee that all engagement opportunities for the firm, whether it is to provide audit or non-audit services, must go through a comprehensive engagement assessment process. Mrs Burton further explained:

As it relates to an audit, the audit engagement partner has ownership of that process. They also have full visibility of any opportunity that moves on that account. So, if a client that we audit requests a particular service from another part of our business, the audit engagement partner has full visibility and is empowered to ensure that they can approve that service only in conjunction with the directors of that entity. So we go to great lengths to ensure that that requirement within the regulations is executed very strictly.24

4.32 Mr Andrew Yates, National Managing Partner, Audit, Assurance and Risk Consulting, KPMG, described for the committee the global online system 'Sentinel', which is used by KPMG to manage and ensure the firm's independence:

Sentinel was what I was referring to a little bit earlier when I talked about the global online system which manages independence. Whenever a piece of work is potentially going to be performed for any company, it has to be entered into Sentinel. That's consistent all around the world. If there is any

22 Group of 100, Submission 35, p. 2.

23 Mr Gary Lennon, Group Chief Financial Officer, National Australia Bank, Committee Hansard,

9 December 2019, p. 6.

24 Mrs Jody Burton, Chief Risk Officer, Deloitte Australia, Committee Hansard, 9 December 2019,

pp. 59-60.

60

part of that piece of work that would be commercially confidential or maybe a conflict, then it will be sent directly to our risk management team and not to the partner who runs the account. Any area where there might be a conflict, it has a different approval route.25

4.33 Several inquiry participants also pointed to past empirical research examining whether audit quality is in fact undermined by the provision of non-audit services.26 Such research has produced mixed results, with some earlier studies finding a negative association between the provision of non-audit services and audit quality. However, submitters and witnesses noted that more recent studies, which used alternative quality measures, have found no association.

4.34 For instance, Professor Peter Wells cited the 2006 study by Ruddock and colleagues which found no evidence of the provision of non-audit services reducing accounting conservatism, a commonly used measure of accounting quality and audit effectiveness.27

4.35 Similarly, Professor Stephen Taylor pointed to the 2019 literature review carried out by Dr Jan Bouwens, a Professor of Accounting at Cambridge Judge Business School and Managing Director of the Foundation for Auditing Research. Professor Taylor summarised:

After carefully summarising this literature, Bouwens (2019, p. 3) concludes that 'almost without exception, they point in a different direction than that assumed in politics and debate. That is, evidence suggests that non-audit services do not adversely affect the quality of the work of the auditor'.28

Benefits of multidisciplinary expertise 4.36 Research has found that non-audit services do not compromise auditor independence or impair audit quality. Indeed, research suggests an increase in audit quality which is often explained via learning. As clarified by the

IPA-Deakin SME Research Centre:

…that is, the provision of non-audit services increases auditor learning, thus establishing a synergistic relationship between the auditor and client

25 Mr Andrew Yates, National Managing Partner, Audit, Assurance and Risk Consulting, KPMG,

Committee Hansard, 9 December 2019, p. 72.

26 See, for example, Professor Sandra van der Laan and Dr Steven Townsend, Submission 65;

Professor Peter Wells, Submission 7; Professor Stephen Taylor, Submission 47; IPA—Deakin SME Research Centre, Submission 64.

27 Caitlin Ruddock, Sarah Taylor and Stephen Taylor, 'Non-audit services and earnings

conservatism: is auditor independence impaired?' Contemporary Accounting Research, vol. 23, pp. 701-746, as cited in Professor Peter Wells, Submission 7, [p. 2].

28 Jan Bouwens, 'What is the relationship between audit quality and non-audit services? An

overview of the existing literature', Foundation for Auditing Research, 2019, as cited in Professor Stephen Taylor, Submission 47, [p. 6].

61

or that there is a knowledge spill over from consulting which enhances the auditor's understanding of the client and thus audit quality.29

4.37 Numerous inquiry participants highlighted this knowledge transfer between firms' audit and other service lines as a key benefit of a multidisciplinary business model, with some going so far as to suggest that for more complex audits, a multidisciplinary approach is actually necessary to enhance audit quality. Further, some inquiry participants contended that, as a result of this knowledge transfer, there are certain non-audit services that the auditor of an entity is in fact best placed to perform, and that this can be done without any loss of the auditor's independence.30

4.38 The AUASB submitted that knowledge gained from undertaking complementary non-audit services can improve audit quality by contributing to an auditor's understanding of the entity:

The performance of the services complementary to the audit requires a deep understanding of the business and its systems of internal control, to enable appropriate risk assessment and design of appropriate procedures. For example, the complementary services can include assurance procedures over many regulatory returns that benefit from an auditor's knowledge of the client and industry. Having the auditor providing these complementary services can improve audit quality as knowledge gained from undertaking these services contributes to the auditor's understanding of the entity. Engaging another service provider to perform these complementary services would likely result in increased costs to the audited entity as the other provider would need to build the necessary knowledge and experience, which potentially could result in lower quality for these engagements.31

4.39 Hence, the transfer of knowledge between audit and non-audit services can apply both ways. The G100, for example, noted that an auditor's knowledge of a company's business, systems and process enables them to provide valuable advice in non-audit service areas without impacting on the financial statements. Additionally, the G100 pointed out that, due to the auditor's experience, such advice can often be provided in less time and thus less expense.32

4.40 Deloitte contended that multidisciplinary firms are able to consistently deliver a large population of qualified and skilled audit professionals as well as a

29 IPA-Deakin SME Research Centre, Submission 64, p. 6.

30 See, for example, BDO Australia, Submission 31; KPMG, Submission 26; Australian Auditing and

Assurance Standards Board, Submission 22.

31 Australian Auditing and Assurance Standards Board, Submission 22, pp. 5-6. See also KPMG,

Submission 26, p. 5.

32 Group of 100, Submission 35, p. 2.

62

breadth and depth of specialist capabilities that can be readily drawn on. Expanding on this point, Deloitte commented:

These specialists, as employees, are already compliant with required independence obligations. To that end, our audit practice benefits from access to a broad range of technical and industry specialists, with over 380 specialists in Australia providing audit support roles. At the same time, our advisory businesses benefit from the regulatory experience, deep accounting skills and leadership capability that our audit practice brings to our broader firm.33

4.41 Representing the views of audited companies' Chief Financial Officers, Mr Andrew Porter, Chair of the G100, told the committee that 'we want efficient, timely, accurate and expert advice from our external service providers—both our auditors and the consultants that we use from other firms who are not our auditors'. Mr Porter further commented:

It is important, in our opinion, that companies continue to have access to full-service firms and that these firms are able to attract the best people with a varied career that enables them to build on and develop their expertise.34

4.42 Some submitters and witnesses suggested that, as the business and audit environment becomes more complex, the specialist expertise obtained through a multidisciplinary approach will be a key component in ensuring the delivery of high-quality audits.

4.43 For example, Deloitte noted that, as organisations change to become more technology-focused and operate in new and more global markets, audits now often require professionals with specialist knowledge in areas such as valuations, financial and economics modelling, financial instruments, tax, technology systems, data, and internal controls. As such, Deloitte contended, 'the range of expertise required to deliver quality audits has expanded and become a more critical driver of audit quality'.35

4.44 EY shared a similar view, noting how specialist expertise from its other service lines has been utilised to assist in audits:

Expertise in artificial intelligence, cyber, analytics, robotics, block chain and other emerging disciplines are increasingly required and there is a continuing trend for increased involvement of specialist resources. These new skills reside in and are being developed in our non-assurance service lines.

In the financial year ended 30 June 2019, 8.7 per cent of time spent on the Australian Securities Exchange (ASX) 300 audits conducted by EY Australia, was incurred by specialists from other service lines as their

33 Deloitte, Submission 28, p. 11.

34 Mr Andrew Porter, Chair, Group of 100, Committee Hansard, 29 November 2019, p. 15.

35 Deloitte, Submission 28, p. 11.

63

expertise was required in the execution of the audit. When specialists from the other service lines assist in audits, they become subject to the heightened independence rules applicable to audit team members.36

Assertions that audit is a loss leader 4.45 As noted by ASIC, whether the provision of non-audit services to an audited entity compromises the auditor's independence, and thereby impacts audit quality, may depend on the size of the fees payable and the nature of the

non-audit services.37 Some assessments of audit quality have therefore taken into account the fees paid to auditors for financial statement audits or for other work.

4.46 The Australian Accounting Standards Board (AASB) explained how comparisons of audit fees across entities can be regarded in assessments of financial reporting and audit quality:

Comparatively higher audit fees could indicate financial reporting problems or issues with the audit process. Comparatively lower audit fees may indicate that a lower quality audit has been performed.38

4.47 Figure 4.1 details the fee revenue from engagements at ASX 300 entities as reported in financial reports for the years ended 12 months to 31 March 2018 and 31 March 2019. Fees for consulting services are included as part of 'non-assurance fees'.

Figure 4.1 Fee revenue from engagements at ASX 300 entities—12 months to 31 March 2018 and 31 March 2019

Source: ASIC, Submission 16, p. 10.

4.48 Industry stakeholders disputed assertions that the increasing range of others services delivered by the largest firms can be used as a loss leader in order to sell higher margin non-audit services.

4.49 PricewaterhouseCoopers (PwC) acknowledged that operating a multidisciplinary business model can create the perception that focus is being directed toward priorities such as firm-wide growth opportunities rather than

36 EY, Submission 29, p. 4.

37 Australian Securities and Investments Commission, Submission 16, p. 9.

38 Australian Accounting Standards Board, Submission 32, p. 6.

64

on the provision of high-quality, independent audits.39 However, PwC stated that 'audit is not used as a loss leader for growth in other parts of the firm', continuing that:

The level of profitability across our Assurance, Consulting and Financial Advisory businesses is broadly equal, demonstrating balance and strength right across the portfolio. Our level of investment in audit is such that we intend for this to remain the case.40

4.50 Likewise, Deloitte were firmly of the view that 'audit is a valuable and profitable business for our firm', further asserting that 'other services are not required to "subsidise" our audit business line, nor do we use audit services as a "loss leader" to generate revenue from other services to the entities we audit'.41

4.51 Mr Imbesi, Chairman, Deloitte Australia, reiterated this point in response to questions from the committee regarding Deloitte's service margins:

…ASIC has asked us for more information regarding our audit business, the margins that it makes relative to the average of the rest of our business. So there is more and more information we're being asked for to get more insight into how we operate our audit business. What I can say to you is that our audit business is profitable, its margin is slightly higher than the average of the firm, it's not a loss leader and it's a contributor to the firm's overall components.42

4.52 EY noted that fees from its ASX 300 audit clients for non-audit services, not including audit-related or other assurance services, comprised 14 per cent of the firm's Australian revenue in the 2019 financial year. EY further submitted:

We operate our business with the expectation that our audit engagements be profitable, hold partners accountable for this, and do not price our audit engagements with the expectation or consideration of non-audit-related services we may be asked to provide. The suggestion that the audit of financial statements is a “loss leader” for the sale of non-audit services is not correct.43

4.53 KPMG also provided a breakdown of revenue figures from audit and non-audit services provided to its largest clients:

Over the past five years, 69 per cent of revenue for KPMG’s six audit clients in the ASX20 was earned from the financial statement audit, 22 per cent from other assurance and audit-related services and 9 per cent from non-audit services. In FY2019, 5 per cent of the revenue earned from

39 PwC, Submission 27, p. 8.

40 PwC, Submission 27, p. 4.

41 Deloitte, Submission 28, p. 5. See also Mr Tom Imbesi, Chairman, Deloitte Australia, Committee

Hansard, 9 December 2019, p. 45.

42 Mr Tom Imbesi, Chairman, Deloitte Australia, Committee Hansard, 9 December 2019, p. 59.

43 EY, Submission 29, p. 6.

65

our ASX 300 audit clients was from other assurance and audit-related services and 18 per cent from non-audit services.44

4.54 Further rejecting suggestions that audit services are used as a loss leader by the auditing profession, the Big Four firms sought to highlight that their partner remuneration processes are structured in such a way that audit partners are not incentivised on the basis of selling non-audit services to audit clients.

4.55 For instance, KPMG noted that it has a 'clear policy of not remunerating any audit partners for selling non-audit services to any audit clients of the firm', further stating that 'there is zero financial incentive for audit partners to put revenue ahead of audit quality'.45

4.56 Similarly, Deloitte submitted that its auditors are evaluated solely on the basis of their audit work and pointed out that, in fact, 'metrics related to the sale of non-audit services are prohibited by Deloitte policies when evaluating or compensating audit partners'.46

4.57 Mr Jamie Gatt, Managing Partner, Audit and Assurance, Deloitte, also noted in evidence to the committee that ASIC's findings in relation to the firm's audit quality are taken into account in determining an audit partner's remuneration:

Yes. Findings on audit quality are all taken into account. Audit quality would be the most significant metric that we look at in relation to any audit partner. If there are findings from ASIC reviews, they are taken into account through their quality rating, and that will ultimately have an impact on their remuneration.47

CPS 220 Review 4.58 The committee examined the issue of whether non-audit services pose a risk to auditor independence during public hearings for the inquiry. In particular, the committee questioned representatives from NAB and EY regarding the

engagement of EY in 2018 to conduct a review of NAB's risk management framework, as required under APRA's prudential and reporting standards. As previously noted, EY has been the external auditor for the NAB Group since 31 January 2005.

4.59 APRA's Prudential Standard CPS 220 Risk Management (CPS 220) outlines the risk management requirements applicable to APRA-regulated authorised deposit-taking institutions. Paragraphs 44 and 45 of CPS 220 set out annual and triennial review obligations:

44 KPMG, Submission 26, p. 4.

45 KPMG, Submission 26, p. 5. See also PwC, Submission 27, p. 9.

46 Deloitte, Submission 28, p. 16.

47 Mr Jamie Gatt, Managing Partner, Audit and Assurance, Deloitte Australia, Committee Hansard,

9 December 2019, p. 57.

66

44. An APRA-regulated institution must ensure that compliance with, and the effectiveness of, the risk management framework of the institution is subject to review by internal and/or external audit at least annually. The results of this review must be reported to the institution's Board Audit Committee, the senior officer outside of Australia or Compliance Committee, as relevant.

45. An APRA-regulated institution must, in addition to paragraph 44, ensure that the appropriateness, effectiveness and adequacy of the institution's risk management framework are subject to a comprehensive review by operationally independent, appropriately trained and competent persons (this may include external consultants) at least every three years. The results of this review must be reported to the institution’s Board Risk Committee, the senior officer outside Australia or Compliance Committee, as relevant.48

4.60 Noting the committee's interest in CPS 220, Ms Heidi Richards, Executive Director, Policy and Advice at APRA, outlined the intended purpose of the reports arising from CPS 220 reviews:

And I wanted to stress that these reports are for the institution's board; they're not required in our standard to be provided to APRA, but in practice APRA supervisors generally request them and review them. The CPS 220 risk management review requirement is designed to support the institution's own processes for ongoing improvement of its risk management framework. APRA also conducts its own reviews of the risk management framework as part of our broader supervision program.49

4.61 Recent public commentary has raised concerns regarding the appropriateness of EY's engagement by NAB to perform the bank's CPS 220 review—a service which NAB categorised as 'audit-related' in its accounts—given the longstanding appointment of EY as NAB's external auditor.

4.62 In particular, an article by Adele Ferguson published in The Age and Sydney Morning Herald on 2 August 2019 suggested that a leak of internal documents from NAB raised questions about the role of EY in its assessment of NAB for the review and the management of conflicts of interest. The article alleged that some information found by EY during its review was not included in EY's draft report, or in its final report as provided to the NAB Board Audit Committee. The August 2019 article also outlined EY's apparent proposal to NAB in response to NAB's tender to accounting firms to conduct the CPS 220 review:

EY's proposal outlined the rules of engagement, including that both NAB and EY would agree who would be interviewed and discuss interim

48 Banking, Insurance, Life Insurance and Health Insurance (prudential standard) determination No.1 of

2019, Prudential Standard CPS 220 Risk Management, paras. 44-45.

49 Ms Heidi Richards, Executive Director, Policy and Advice, Australian Prudential Regulation

Authority, Committee Hansard, 7 February 2020, p. 75.

67

findings. EY would also prepare a draft report with recommendations and send it to NAB for review.

EY also offered to provide 'proactive end-to-end stakeholder management and early communication of findings based on a no-surprises approach'.

Once NAB had reviewed the draft report, the proposal said, EY would 'socialise with key management'. A draft report would then be presented (along with the final report) to NAB's board risk committee and/or the board audit committee.50

4.63 Seeking to allay concerns regarding any perceived conflicts of interest, Mr Gary Lennon, Group Chief Financial Officer at NAB, outlined the bank's independence policy as it applies to its external auditor, noting that it sets strict limitations on the work that EY can provide. Specifically, as the external auditor, EY is prohibited from undertaking work for NAB that does not meet the bank's definition of audit-related.51 Mr Lennon continued that this consequently 'excludes EY from most project and advisory services, which are typically undertaken by other major accounting firms for NAB'.52

4.64 Elaborating on this point, Mr Lennon asserted that the independence requirements applicable to EY under its independence policy are more stringent than those applied to other accounting firms that provide services to NAB. In particular, in line with the extensive legislative and regulatory requirements relating to auditor independence, EY is expressly prohibited from providing services to NAB that would risk EY auditing its own work:

The auditor, by definition—and we apply these standards to our auditor more tightly than other accounting firms—is more independent than anyone else. On some of the restrictions that we put on our auditor—we've already gone through some of them—the services that they can provide are far more restrictive than the services other firms can provide. Other firms can provide services including doing the actual work—so you open up the exposure that you may be doing a review of work that you've done. The financial arrangements between ourselves and our auditor are severely restricted; we can't have banking relationships, and partners in EY can't hold NAB stock. In terms of NAB staff working for EY or vice versa, there are very strict restrictions. Our auditor has more additional restrictions

50 Adele Ferguson, 'Secret interviews reveal risky business for NAB's top executives', Sydney Morning

Herald, 2 August 2019, https://www.smh.com.au/business/banking-and-finance/secret-interviews-reveal-risky-business-for-nab-s-top-executives-20190801-p52czf.html (accessed 7 February 2020).

51 Under current policy, NAB defines 'audit-related' to be a number of categories, including where

the review is required by regulation (e.g. a review required under APRA Prudential Standards). See Mr Gary Lennon, Group Chief Financial Officer, National Australia Bank, Committee Hansard, 9 December 2019, p. 3.

52 Mr Gary Lennon, Group Chief Financial Officer, National Australia Bank, Committee Hansard,

9 December 2019, p. 1.

68

than any other accounting firm because of this importance of independence.53

4.65 Similarly, representatives of EY sought to assure the committee that its independence as NAB's external auditor was in no way impaired through its engagement by NAB to conduct the CPS 220 review. For instance, Mr Tony Johnson told the committee:

The nature of our work means that every day we're accustomed to robust challenge of our findings on points of fact, context, presentation and language by relevant stakeholders. We listen to the commentary and then form and state our uncompromised position. In respect of the NAB CPS 220 work, the partners responsible have confirmed that they were not pressured to—and nor did they—dilute or compromise any of their recommendations as a result of challenge from stakeholders, as you will have seen in the final NAB CPS 220 report.

In respect of our CPS 220 work, EY partners and staff held themselves to the highest professional standards. In addition, our audit role was not conflicted, either legally or ethically, and auditor independence was not impaired.54

4.66 Mrs Leigh Walker, Regional Independence Leader at EY, underlined that the provision of the CPS 220 triennial review is fully compliant with Australia's extensive regulations around auditor independence. Mrs Walker further commented:

We went through the usual rigorous process that we do when we're evaluating any service. That applies to any service. Whether it's an audit related service or a non-audit service, we require all our teams to apply that rigorous standard. We would look at things like: is there a risk of self-review? With the CPS 220 work there was no risk of self-review because the results of the CPS 220 triennial review do not form part of the financial statements. They do not form part of the internal controls over financial reporting, so there was no self-review threat with the CPS 220 work.55

4.67 Mr Johnson strongly reiterated this point in later evidence, stating that 'to be absolutely clear: there is not an ounce of doubt that this is a permitted service under the laws and rules of independence in Australia'.56

53 Mr Gary Lennon, Group Chief Financial Officer, National Australia Bank, Committee Hansard,

9 December 2019, pp. 4-5.

54 Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, Committee

Hansard, 9 December 2019, p. 16.

55 Mrs Leigh Walker, Regional Independence Leader, Oceania, EY, Committee Hansard,

9 December 2019, p. 20.

56 Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, Committee

Hansard, 9 December 2019, p. 21.

69

4.68 ASIC affirmed that the auditor independence requirements under the Corporations Act were not compromised by EY performing the CPS 220 review for NAB, commenting in an answer to question on notice:

While there is no requirement for the auditor to provide the CPS 220 risk management opinion, there is no necessary incompatibility in the auditor providing such an opinion under the Corporations Act 2001.57

4.69 Importantly, ASIC also pointed out that, in considering whether the independence requirements of the Corporations Act and Code of Ethics have been complied with in relation to the provision of non-audit services, such as EY's CPS 220 review for NAB, all the relevant facts and circumstances need to be taken into account. ASIC advised that 'this may include consideration of fee dependency questions or concerns if the risk management work was found to be deficient in the external audit'.58 ASIC continued that any CPS 220 assurance services should be small compared to the fees for statutory audit services provided to an entity, which in this circumstance, the figures suggest to be the case.59 EY's fee for undertaking the CPS 220 review for NAB was $450,000, as compared to $10.4 million for the provision of statutory audit services for the bank to the end of September 2018.60

4.70 In addition, ASIC commented that the extent to which the provider of work relating to CPS 220 should be independent of a bank is ultimately a matter for the directors of that bank and APRA. ASIC further noted that CPS 220 permits the use of internal auditors who may be employees of the bank to conduct the required triennial review.61

4.71 On this point, Mrs Walker from EY reminded the committee that there is a distinction between statutory auditor independence as required by the Corporations Act, and the operational independence APRA requires of persons engaged to conduct a CPS 220 review:

APRA defines operational independence as being where someone has not been involved in 'the development or implementation of the framework, or the activities under review'. We have extensive regulations around statutory auditor independence that cover…everything from financial interests, loans and guarantees, business relationships, family and personal

57 Australian Securities and Investments Commission, answers to questions on notice,

19 November 2019, p. 9 (received 2 December 2019).

58 Australian Securities and Investments Commission, answers to questions on notice,

19 November 2019, p. 8 (received 2 December 2019).

59 Australian Securities and Investments Commission, answers to questions on notice,

19 November 2019, pp. 8-9 (received 2 December 2019).

60 See Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY,

Committee Hansard, 9 December 2019, p. 27.

61 Australian Securities and Investments Commission, answers to questions on notice,

19 November 2019, p. 9 (received 2 December 2019).

70

relationships, recent service with an audit client, serving as a director or officer, employment with an audit client, and temporary personnel arrangements as well as non-audit services. These are extensively regulated. It means that EY and Sarah would not have provided any services involving the development or implementation of that framework, so EY met the operationally independent standards set by APRA as well as being independent as per the statutory audit requirements in the Corporations Act in the auditing standards and in APES 110.62

4.72 The committee questioned representatives of NAB and EY as to how the iterative drafting and 'no-surprises' approach reportedly put forward in EY's proposal to undertake the CPS 220 review is reflective of an appropriate independent relationship between the bank and its auditor. Mr Chris George, Professional Practice Director at EY, clarified:

No surprises is a very common request that we and all audit firms would get from all of their clients. It doesn't mean a cosy relationship. It means: tell us things upfront so that we can deal with them and make sure they've been appropriately treated in the financial statements. It just forms the basis of good professional service.

If you're characterising a no-surprises approach as a cosy relationship, that is not how we see it characterised. It's about communication and dealing with matters upfront so that they can be appropriately dealt with and treated in financial statements.63

4.73 Mr Johnson repeated this view, underlining that 'no surprises does not mean no disagreement', but rather it means 'timely communication on the identification of issues'. Mr Johnson continued:

Whether this be in the audit context, CPS 220 or any major review, these are large exercises that are complex and require detailed project management, milestones to be met and matters to be resolved. Fundamental to completing an effective and efficient quality audit and an effective and efficient CPS 220 is that there is an understanding between all the stakeholders—in the case of an audit, that is the board members, management and auditors—that issues, as soon as they are identified, will be resolved so that each of those stakeholders can work through and be comfortable at the end of the day in signing off on a report—in the case of an audit, that it's true and fair; in the case of a CPS 220, that it meets the appropriate guidelines set out by APRA.64

62 Mrs Leigh Walker, Regional Independence Leader, Oceania, EY, Committee Hansard,

9 December 2019, pp. 23-24. See also Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, Committee Hansard, 9 December 2019, p. 15.

63 Mr Chris George, Professional Practice Director, Oceania, EY, Committee Hansard,

9 December 2019, p. 24.

64 Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, Committee

Hansard, 9 December 2019, p. 35.

71

4.74 Evidence from representatives of NAB concurred with this view. For example, Mr Shaun Dooley, Group Chief Risk Officer at NAB, suggested that the drafting approach used by EY—whereby relevant management at the bank had the opportunity to correct any facts, seek clarification on

recommendations, and start necessary work to address findings—ultimately led to a more useful CPS 220 report. Mr Dooley elaborated:

We had conversations in terms of seeking clarification, providing fact checking, seeking examples—in fact, the final report was longer. It was about four pages longer than the first report. It was much more actionable, therefore—because it was more actionable—it was more useful to me as a risk manager to address the issues that were highlighted in the report. So we could establish a program of work. We've stood up a lot of resources since the CPS 220 report was finalised, since our self-assessment report was published, to ensure that we are addressing the issues that were highlighted.65

Separation of audit and non-audit services 4.75 In the United Kingdom (UK), in April 2019, the Competition and Markets Authority (CMA) recommended an operational split between the audit and non-audit practices of the Big Four to address the perceived conflicts between

audit and the other service lines of the largest firms.66 As outlined in the CMA's final report of its statutory audit services market study:

This remedy would require the Big Four to put in place a strong strategic and operational split between their audit and non-audit services practices, including separate governance and strategy, separate accounts and remuneration policies, and no profit-sharing between audit and non-audit.

The aim of this is to ensure auditors' full focus is on conducting high quality audits, without their incentives being affected by the much greater revenue and profits from the non-audit side of the firm.67

4.76 The CMA recommended that the UK Government put in place the operational split initially at the Big Four firms, but that the regulator68 be able to add other firms in later years should they grow closer to the Big Four's size. While the CMA outlined the likely elements of the operational split, it specified that the

65 Mr Shaun Dooley, Group Chief Risk Officer, National Australia Bank, Committee Hansard,

9 December 2019, p. 10.

66 Of note, in its interim report, the CMA considered a full structural separation or ban on non-audit

services, but concluded that his would have a detrimental impact on audit quality, efficiency, audit firms, and the standing of the audit profession in the UK.

67 Competition and Markets Authority, Statutory audit services market study—Final report, April 2019,

p. 187.

68 In December 2018, the final report of Independent Review of the Financial Reporting Council (FRC) led

by Sir John Kingman recommended that the UK Financial Reporting Council be replaced with an independent statutory regulator called the Audit, Reporting and Governance Authority.

72

regulator should be given the powers to design the specific details of the proposed remedy and refine it over time.69

4.77 Professor Fels supported implementation of an enforced separation of functions between audit and other services offered by firms in Australia, contending that such a measure should take the form of a law which stipulates that no auditing firm should provide consulting services to any business.70

4.78 However, unlike the recommendation of the CMA in the UK, Professor Fels argued there be a more substantial, full structural separation between audit and non-audit services, contending that 'separation of the two functions would be a much cleaner, simpler and less costly way to deal with the problem'.71

4.79 Professor Fels put forward numerous reasons as to why he believed there should be a total structural separation, including that:

 there is an actual and perceived conflict of interest when an audit firm is also seeking to undertake consulting work, for an audited entity or others;  inherent conflicts of interest already exist in the same firms providing external auditing services to entities on a yearly basis; and  it would be prudent to adopt total structural separation from the start,

rather than incur costs of an alternative 'compromise solution'.72

4.80 Commenting on the operational separation proposed in the UK, Professor Fels expressed the opinion that such a measure could have possible impacts on competition between audit firms:

It seems to me that a measure of that sort has its own problems. Let me give you one example. Supposing a business is auditing business A. It can't do consulting for business A but it does consulting for business B, who is a competitor. There's already a looming problem. Knowledge acquired about either A or B may be used in relation to its competitor. There would need to be numerous safeguards for that, and they would be messy. That's one reason that I am concerned about halfway house resolution of this.73

4.81 Mr Porter from the G100 disagreed with Professor Fels' view:

I noted the comments from Professor Fels, but consulting firms themselves will consult to a large number of businesses in the same industry. That is

69 Competition and Markets Authority, Statutory audit services market study—Final report, April 2019,

pp. 187-188. At the time of writing, the UK Government was consulting on the issues raised in the CMA’s final report.

70 Professor Allan Fels AO, Submission 43, pp. 2 and 7.

71 Professor Allan Fels AO, Submission 43, p. 2. See also Professor Allan Fels AO, Private Capacity,

Committee Hansard, 29 November 2019, p. 1.

72 Professor Allan Fels AO, Submission 43, p. 7.

73 Professor Allan Fels AO, Private capacity, Committee Hansard, 29 November 2019, p. 3.

73

why they're valued by corporates, because of their breadth of industry expertise and the insights that they can bring.74

4.82 Mr Amir Ghandar, Leader, Reporting and Assurance, Chartered Accountants Australia and New Zealand (CA ANZ), also sought to highlight that the CMA, in carrying out its market study, chose not to pursue proposals for full structural separation of audit and non-audit services. The CMA made this decision on the basis that such a measure could have significant negative consequences, including a detrimental effect on audit efficiency and quality. Additionally, Mr Ghandar noted that the CMA found structural separation could have considerable competition implications, particularly for smaller firms, by making them less resilient, more dependent on audit clients, and less able to invest in technology and retain/recruit qualified staff.75

4.83 Adjunct Professor Stuart Kells drew the committee's attention to the practical implications of structurally separating the Big Four firms, commenting that the 'practicalities of doing that, we think, are probably prohibitive'.76 Adjunct Professor Kells elaborated:

I think it's really important to think about how it would play out in a practical sense. Say you said, for example, to PwC in Australia—because these are international franchises obviously—'From now on in Australia you can only do auditing. You're going to do a narrow conception of external financial auditing.' They are a big multiservice firm. How are you going to implement that? Does it mean that on day two all of the consulting people leave, or that they are in different organisations that have different brands? All of those partners bought into that firm based on the multiservice thing that was PwC. On day two when it's called 'Jim's Consulting' it is a very different thing. Do we need to compensate them for that? Do we need to think about any kind of practical implementation issues? So that's what we are getting at when we say there are all sorts of curly issues.77

4.84 Submitters and witnesses from the Big Four and other industry stakeholders opposed any form of separation, either structural or operational, being introduced in Australia, with most arguing that such a course of action would be detrimental to audit quality.

4.85 PwC were concerned that operational separation would negatively impact audit quality by limiting firms' access to multidisciplinary capabilities, both

74 Mr Andrew Porter, Chair, Group of 100, Committee Hansard, 29 November 2019, p. 17.

75 Mr Amir Mostafa Ghandar, Leader, Reporting and Assurance, Chartered Accountants Australia

and New Zealand, Committee Hansard, 29 November 2019, p. 60.

76 Adjunct Professor Stuart Kells, La Trobe Business School, La Trobe University, Committee Hansard,

29 November 2019, p. 44.

77 Adjunct Professor Stuart Kells, La Trobe Business School, La Trobe University, Committee Hansard,

29 November 2019, p. 45.

74

through impaired ability to attract highly skilled staff and to effectively meet evolving client needs:

In today's world, the best talent seeks out jobs that have optionality in career paths, and joining a multidisciplinary firm with a global footprint is a significant enabler for us to attract the best and brightest minds. We also believe the future scope of audit is likely to broaden considerably, with the skills that reside outside the traditional audit business becoming increasingly important to meet stakeholder expectations.78

4.86 Likewise, Mr Johnson from EY asserted that access to the specialist expertise provided by a multidisciplinary business model is integral to audit quality:

Audit quality being paramount, then, in my view, the access to subject matter experts is paramount. We touched on valuation today. These are very complex areas. Taxation is a very complex area. Technology is a very complex area. I see that structural separation would reduce audit quality because the access to those necessary skills would be reduced or limited.79

4.87 RSM Australia (RSM) agreed that multidisciplinary firms are necessary to ensure auditors have access to sufficient in-house expertise to effectively complete their audits. RSM was, therefore, not in favour of any enforced separation between firms' audit and other services. RSM continued:

However, in our view, it is possible to have an effective, thriving multi-disciplinary practice, with deep expertise in areas that may support audit quality, such as taxation and valuation, by providing consulting and associated services to the remainder of the market, without the need to provide such services directly to audit clients.80

4.88 The G100 submitted that separation into 'stand alone' audit firms would be attempting to address a conflict of interest situation which, in its opinion, does not exist, while in reality increasing costs and reducing audit quality and effectiveness.81

4.89 The IPA-Deakin SME Research Centre suggested that, on balance, any benefits gained from restricting non-audit services with a view to enhancing audit independence are likely to be outweighed by the costs associated with firms not benefiting from the deeper understanding of clients attained through a multidisciplinary business model. The Centre continued:

In our opinion, there is a range of alternative and far more influential measures that, if implemented correctly, would be far more effective at

78 PwC, Submission 27, pp. 20-21.

79 Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, Committee

Hansard, 9 December 2019, p. 39.

80 RSM Australia, Submission 51, [p. 2].

81 The Group of 100, Submission 35, pp. 3-4.

75

enhancing audit quality rather than banning an auditor from providing NAS.82

4.90 ASIC also pointed to the potential negative impact of an operational split on audit quality as a result of not having ready access to expertise and possibly limiting the ability of audit firms to attract and retain staff.83

Alternative solutions 4.91 Recognising the need to support efforts to improve audit quality and maintain stakeholders' trust and confidence, inquiry participants presented some alternative solutions to enhance existing auditor independence safeguards in

relation to non-audit services. Mainly, inquiry participants suggested the adoption of industry-wide definitions of non-audit services categories, as well as reflective changes to the current fee disclosure framework (as required under AASB 1054).

Industry-wide definitions and associated fee disclosure 4.92 Presently, there are no industry-wide definitions of the non-audit services an auditor may perform, and indeed, current practice is that reporting entities develop their own criteria as to what constitutes the different categories of

services (for example, audit-related or other assurance services) as reported in entities' financial statements.

4.93 Demonstrating this point, Mr Lennon explained that NAB:

…have devised a policy for us on the classifications which we think is appropriate and sensible. But, when you look around other banks and how they have classified, you can see that there are some inconsistencies with how different banks or different firms have taken a different approach. I think everyone has addressed it in an appropriate manner, but, just by the fact that there aren't overriding guidelines, it does lead to the possibility of inconsistencies. I think that would be helpful, actually.84

4.94 Mr Bernie Szentirmay, National Head of Audit Quality at KPMG, noted that, generally, reporting entities have disclosed fees relating to statutory audit and other services provided by their auditor under three 'buckets'. However, there are inconsistencies in the marketplace as to which services are categorised under each bucket:

There are generally three buckets. There are financial statement audits, which I think are relatively clear; there's an understanding in the marketplace of what they mean. Then there are audits of regulatory matters, which are required under law. And then there's, kind of, a third

82 IPA-Deakin SME Research Centre, Submission 64, p. 5.

83 Australian Securities and Investments Commission, Submission 16, p. 21.

84 Mr Gary Lennon, Group Chief Financial Officer, National Australia Bank, Committee Hansard,

9 December 2019, p. 4. See also Mr Andrew Yates, National Managing Partner, Audit, Assurance and Risk Consulting, Committee Hansard, 9 December 2019, p. 73.

76

bucket, which is other assurance services. They're not necessarily required by law, but the auditor is applying assurance standards. I think that's where the lines blur a little bit and there is some inconsistency in the marketplace.85

4.95 Industry stakeholders were of the broad view that the market would benefit from clearly and consistently defined categories and associated fee disclosure of non-audit services, noting that this would provide increased transparency and clarity around the appropriate nature and value of such services.

4.96 The Australian Institute of Company Directors (AICD) noted that, currently, non-audit services are essentially defined as services other than services related to the conduct of an audit. The AICD characterised this all-purpose definition as 'unhelpful',86 and later noted:

The current definitions of what is audit work, audit-related work and non-audit work are unclear. Limited assistance is provided by the statutory definition in the Corporations Act. These definitions are of critical importance to directors who are under a statutory obligation to disclose expenditure of those amounts, as already discussed.

The AICD believes that this is an area where further regulatory guidance to assist companies and audit firms classify their work, including other types of assurance work, would be beneficial. This will assist in better reporting of how payments are made from companies to audit firms and for what kind of services.87

4.97 Welcoming discussion of measures to mitigate perceived conflicts associated with non-audit services, Deloitte also highlighted the benefit of better defined categories of services and associated fee transparency in listed entity reports:

This would mean the market could consider audit-related and other assurance services and fees separately from other non-audit services and fees. This would allow investors, shareholders and regulators to better evaluate the independence of the auditor.88

4.98 Similarly, EY asserted that 'a lack of guidance as to how to categorise non-audit services has led to inconsistencies in how companies disclose these fees in annual financial statements'.89 EY further submitted that disclosure of fees for services provided by a firm should be made according to the framework illustrated in Figure 4.2 below.

85 Mr Bernie Szentirmay, National Head of Audit Quality, KPMG, Committee Hansard,

9 December 2019, p. 73.

86 Australian Institute of Company Directors, Submission 66, p. 2.

87 Australian Institute of Company Directors, Submission 66, pp. 6-7. See also KPMG, Submission 26,

p. 4; Grant Thornton, Submission 30, p. 5.

88 Deloitte, Submission 28, p. 19.

89 EY, Submission 29, p. 5.

77

Figure 4.2 EY's proposed audit and non-audit services disclosure framework

Source: EY, Submission 29, p. 5.

4.99 The AUASB has observed inconsistencies in the disclosures of fees paid to auditors, including how the nature of other services provided are described. While not specific with regard to proposed categories of non-audit services, the AUASB recommended:

…a clearer framework is adopted in the reporting of fees to the auditor in the financial report, which discloses fees that are related to and complementary to the audit separately from those that are not related to or complementary to the audit. This would improve the information of the nature of non-audit fees paid to the audit and allow users to make informed judgements in this area.90

4.100 CPA Australia noted that in the United States (US), the Securities and Exchange Commission requires companies to disclose fees paid to external auditors for the two most recent years according to four categories—'audit', 'audit-related' (being fees reasonably related to the performance of the audit or review of the company's financial statements), 'tax', and 'all other' fees. Companies are also required to provide a narrative description in relation to other fees. CPA Australia recommended the required disclosure of fees paid to auditors in 'useful' categories, such as those applied in the US. CPA Australia further added:

To assist in fulfilling these requirements, issue guidance to clarify which fees fall within each category. This would enable better differentiation between NAS which need to be conducted by the auditor of the entity and

90 Australian Auditing and Assurance Standards Board, Submission 22, p. 6.

78

NAS which could give rise to a conflict of interest and consequently a threat to independence that needs to be mitigated.91

4.101 The G100 drew attention to fact that, although audit and other service fees paid to the auditor are currently required to be disclosed by Australian listed entities, there is no such obligation for those entities to disclose fees paid to firms that do not conduct the audit of their financial reports. Consequently, the G100 explained, 'there is no public information on an entity-by-entity basis disclosing how much in consulting or other fees are paid to accounting firms that are not the company's auditor'.92

4.102 Also noting this apparent gap in disclosure, the APESB suggested that, in addition to the different categories of fees received by auditors as suggested above, implementing more prescriptive disclosures whereby fees paid to firms other than an entity's auditor may enhance the transparency of an entity's use of the services provided by firms.93

Greater clarity on prohibited services 4.103 In the US, the Sarbanes-Oxley Act of 2002 (SOX) prohibits auditors from providing specified non-audit services to audited entities. 94 Additionally, SOX prohibits any other service deemed through regulation as impermissible by the

Public Company Accounting Oversight Board (PCAOB). Some submitters advocated a similar approach be adopted in Australia, with more prescriptive regulatory guidance on what constitutes prohibited non-audit services.

4.104 The Australian Shareholders' Association, for instance, stated that it 'would like a clear definition of acceptable audit, audit-related services and non-audit services that a firm may provide to a company'.95

4.105 CPA Australia submitted that changing perceptions and expectations with regard to which non-audit services are acceptable to perform in conjunction with an audit have created uncertainty amongst auditors. CPA Australia continued that greater clarity regarding acceptable and unacceptable non-audit services would provide auditors with certainty regarding requirements and expectations.96

4.106 Mr Andrew Rigele, National Managing Partner, Audit and Assurance, Grant Thornton, contended that regulatory requirements regarding what an auditor

91 CPA Australia, Submission 49, p. 5.

92 Group of 100, Submission 35, p. 3, emphasis original. Mr Andrew Porter, Chair, Group of 100,

Committee Hansard, 29 November 2019, p. 15.

93 Australian Professional and Ethical Standards Board, Submission 42, p. 8.

94 See Australian Securities and Investments Commission, Submission 16, p. 20.

95 Australian Shareholders' Association, Submission 46, [p. 3].

96 CPA Australia, Submission 49, p. 4.

79

or firm can or cannot do with respect to non-audit services need to be clearly defined such that there is no ambiguity in marketplace understanding:

Mr Rigele: There have, to date, been strong ethical rules around what an auditor or audit firm can do and can't do in terms of non-assurance services and other assurance services to date. To us, it's a pretty clear market expectation or that expectation gap that everyone talks about around that sentiment. I think the audit profession needs to act to that and perhaps look at something where it's clearly defined what we can and cannot do—

Senator O'NEILL: Which is the US system, as revealed to this committee clearly in the evidence from ASIC.

Mr Rigele: Yes, that's right. I think we need no ambiguity around it. We need to get to a stage where everyone understands the platform. One person's perception is reality and I think we just need to react to that.

Senator O'NEILL: Clean it up and make it clear?

Mr Rigele: Make it clear…97

4.107 BDO Australia (BDO) also argued that there is a need to clarify and strengthen the independence rules relating to non-audit services, and suggested:

…the way to do this is to better define the list of non-audit services that are prohibited. Using the guidance set out in APES 110 we suggest that a detailed list of prohibited services be developed. This should result in a clear differentiate between assurance services that can be provided by the auditor and non-audit services that are prohibited.98

4.108 Mr Timothy Kendall, Partner at BDO, expanded on this point in evidence to the committee:

Senator WHISH-WILSON: …Do you think this [the APES 110 standards] is too subjective? Does it need to be more prescriptive than what's already here?

Mr Kendall: That would be our view.

Senator WHISH-WILSON: Really?

Mr Kendall: That is generally a principles based standard. There are some specific prohibitions in there, but we believe that you'd get greater outcomes if you were more definitive on what those prohibited services were so that there was absolute clarity that these particular things could not be done by the auditor. It may be—

Senator O'NEILL: Because it takes away the self-assessment determination—

Mr Kendall: That's right—99

97 Mr Andrew Rigele, National Managing Partner, Audit and Assurance, Grant Thornton Australia,

Committee Hansard, 7 February 2020, p. 34.

98 BDO Australia, Submission 31, p. 2.

99 Mr Timothy Kendall, Partner, BDO Australia, Committee Hansard, 7 February 2020, p. 34.

80

4.109 EY also supported the development of a list of prohibited non-audit services in order to provide increased assurance that potential conflicts of interest arising from the provision of such services are being appropriately managed. EY elaborated that incorporating:

…this list of prohibited non-audit services in the Australian Auditing Standards would formalise the existing Corporations Act requirements and the APES 110 framework to inspire greater public confidence in the management of non-audit services provided to audit clients by auditors.

4.110 EY further suggested that an auditor's independence declaration, as required under the Corporations Act (see paragraph 2.39), could then also be extended to require that the auditor explicitly attest that no prohibited non-audit services were provided to the audited entity.100

Other proposed enhancements 4.111 In addition to the above, some submitters and witnesses suggested other possible changes to the current regulatory and professional standards framework in order to further enhance auditor independence.

Mandatory partner remuneration safeguard 4.112 While noting its own policy of not remunerating audit partners for selling non-audit services to audit clients, KPMG took the view that this approach should be extended across the audit profession. Specifically, KPMG submitted:

We support revising the Code of Ethics standard, APES 110, to include the concept that no audit partner can be remunerated for selling non-audit services to any audit clients of a firm, as a mandatory safeguard that all firms need to apply to mitigate risks of potential conflicts of interest.101

4.113 The IPA-Deakin SME Research Centre shared a similar view, stating that 'regulators should ensure that audit firms build remuneration incentives around audit effectiveness rather than on an excessive focus on efficiency and profitability'.102

4.114 Indeed, some firms noted that they have already adopted an approach whereby audit quality is a key determinant of a partner's remuneration. For example, representatives of EY noted that audit partners of the firm are assigned a 'quality rating' which ultimately affects the remuneration they receive. Mr Johnson explained:

When it comes to an audit partner, I've noted that audit quality is the No. 1 determinant. So it will play out in a number of ways. Assuming there have been issues, one would expect that would be a 'did not meet expectations'.

100 EY, Submission 29, p. 6. See also Mr Chris George, Professional Practice Director, Oceania, EY,

Committee Hansard, 9 December 2019, p. 40.

101 KPMG, Submission 26, p. 5.

102 IPA-Deakin SME Research Centre, Submission 64, p. 9.

81

That means there is actually a cap on the overall rating that that partner can get. There are a number. Audit quality is No. 1, but there are other dimensions that we have to measure partners as well. So there is a cap on that partner's overall rating that they cannot be above—I'll call it a 3 rating out of a 5 scale. That rating then feeds into their remuneration. So their remuneration has been reduced as a result of the rating…103

Cap on non-audit services 4.115 Despite being of the view that the framework of legislation, regulators and companies' internal governance is working effectively with regard to the provision of non-audit services, KPMG suggested that, to provide further

clarity and certainty, consideration could be given to capping non-audit services (excluding other assurance and audit-related services) for ASX 300 listed companies. KPMG continued that 'capping would involve allowing permitted non-audit services to be provided by the statutory auditor up to a set percentage of the fee paid for the statutory audit'.104

4.116 When questioned by the committee as to what such a percentage should be, Mr Szentirmay from KPMG pointed to caps imposed under similar measures internationally:

It does vary. I think the UK has gone with a 70 per cent model over an average of three financial years. That's seen that as fit for purpose in that marketplace. We see a matter of practice here in Australia that some companies have already adopted this effectively as a matter of their own internal policy. But the percentages do significantly differ. It's probably where you get towards that kind of one-to-one ratio, of the cap being 100 per cent. There tends to be a broader view that perhaps some sort of natural limit is approaching that cap.105

Auditor familiarity with audited entities 4.117 Another potential threat to auditor independence frequently raised in debate over recent years, internationally and domestically, is auditor tenure with corporate clients. While perhaps not as contentious as matters relating to the

provision of non-audit services, questions have been asked about whether longer individual auditor or audit firm tenure could lead to an over-familiarity and, in turn, an erosion of professional scepticism necessary to perform high-quality audits.

4.118 As summarised in Chapter 2, the Corporations Act and professional and ethical requirements in the APES 110 Code of Ethics set out auditor rotation and 'cooling-off' period requirements. For audits of listed entities, the

103 Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania, EY, Committee

Hansard, 9 December 2019, p. 31.

104 KPMG, Submission 26, p. 5.

105 Mr Bernie Szentirmay, National Head of Audit Quality, KPMG, Committee Hansard,

9 December 2019, p. 71.

82

Corporations Act prohibits audit partners from leading the audit of a company for more than five consecutive, or more than five out of seven successive, financial years. Former partners of an audit firm are also required to wait two years before taking up certain positions with the audited entity. The Code of Ethics largely reflects these Corporations Act requirements. However, to ensure alignment with international standards, the cooling-off period for engagement partners of listed or APRA-regulated entities has recently increased to three years, and will increase to five years from 31 December 2023.

4.119 Inquiry participants were generally of the view that Australia's existing audit partner rotation and cooling-off requirements are adequate and effectively reduce the threat posed to auditor independence through over-familiarity with the entities they audit.

4.120 The G100, for example, submitted that audit partner rotation has reduced the possibility of an auditor becoming too embedded with a client and being unable to maintain professional scepticism and independence.106 Mr Andrew Porter, Chair of the G100, reiterated this view in later evidence to the committee, stating that 'partner rotation has been successful and we would like to see that continue'.107

4.121 Deloitte commented that existing requirements:

…strike the right balance between addressing the threats to independence created by long term relationships and the need to maintain relevant knowledge and experience to support audit quality.108

4.122 Likewise, EY considered legislation in this area adequate, noting that academic research has generally found that longer tenure is associated with higher audit quality. EY further asserted that 'it should not be assumed that reductions in audit tenure will increase audit quality'.109

Mandatory firm rotation 4.123 In overseas jurisdictions, mandatory firm rotation (MFR) has been proposed and, in some cases, implemented as a measure to avoid the familiarity risk posed by longstanding relationships between an auditor and client. For

example, European Union (EU) audit legislation requires a maximum 10-year MFR for PIEs, extending to a maximum of 20 years if a public tender is conducted. However, as noted by several inquiry participants, some jurisdictions have subsequently reversed their policies on MFR, including

106 Group of 100, Submission 35, p. 3.

107 Mr Andrew Porter, Chair, Group of 100, Committee Hansard, 29 November 2019, p. 22.

108 Deloitte, Submission 28, p. 19. See also KPMG, Submission 26, p. 5.

109 EY, Submission 29, p. 15.

83

South Korea, Brazil, Argentina, Singapore, Spain and Canada. 110 Further, in the US, the statutory oversight body, PCAOB, has been explicitly prohibited from requiring MFR for public companies.111

4.124 Noting responses to MFR internationally, most inquiry participants were opposed to such a measure being introduced in Australia. Several submitters and witnesses highlighted empirical research which does not support mandating the rotation of audit firms and, indeed, suggests that MFR could be detrimental to audit quality.

4.125 KPMG observed that, over the years, the majority of academic studies relating to audit firm tenure and audit quality have not supported MFR. In particular, KPMG noted the April 2019 the study on the EU Statutory Audit Reform requested by the European Parliament's Committee on Economic and Monetary Affairs, which concluded:

When we focus on firm rotation and auditor tenure in the auditor independence literature, the evidence generally shows that a longer tenure is not associated with lower quality audits and that mandatory rotation does not necessarily lead to enhanced audit quality.112

4.126 Professor Michael Bradbury and Associate Professor Bryan Howieson pointed to a 2017 study which found mixed evidence on the impact of audit partner rotation on audit quality. That study also found:

 There are offsetting costs and benefits of audit partner rotation.  Rotation from an industry specialist to a non-specialist audit firm reduces audit quality.  Rotation from a non-specialist to a specialist auditor results in no

change in audit quality, unless the audit firm is also an industry specialist.113

110 See, for example, Australian Auditing and Assurance Standards Board, Submission 22, pp. 7-8;

Financial Reporting Council, Submission 24, p. 6; KPMG, Submission 26, p. 6; CPA Australia, Submission 49, p. 4; Mr Amir Mostafa Ghandar, Leader, Reporting and Assurance, Chartered Accountants Australia and New Zealand, Committee Hansard, 29 November 2019, pp. 60-61.

111 The Audit Integrity and Job Protection Act, passed by the US House of Representatives on

8 July 2013, amended the Sarbanes-Oxley Act of 2002 to prohibit the PCAOB from requiring that audits for an issuer of securities be conducted by a specific auditor, or that such audits be conducted by different auditors on a rotating basis (that is, mandatory firm rotation).

112 Marleen Willekens, Simon Dekeyser and Innes Simac, 'EU Statutory Audit Reform: Impact on

costs, concentration and competition', European Parliament, April 2019, p. 26, as cited in KPMG, Submission 26, p. 5. See also Australian Institute of Company Directors, Submission 66, p. 6.

113 Neal Arthur, Medhat Endrawes and Shawn Ho, 'Impact of Partner Change on Audit Quality: An

Analysis of Partner and Firm Specialisation Effects', Australian Accounting Review, vol. 27, no. 4, 2017, pp. 368-381, as cited in Professor Michael Bradbury and Associate Professor Bryan Howieson, Submission 13, [p. 5].

84

4.127 The AUASB submitted that audit firm rotation can result in increased costs, for instance through organisational disruptions, start-up costs associated with building required client knowledge, and a loss of the outgoing auditor's client-specific knowledge. The AUASB further noted that this loss of knowledge could impact on the quality of audit services delivered, and cautioned that:

It is important that any enforced requirements relating to the rotation or audit partners and/or firms does not have any unintended consequences and negatively impact audit quality. Any legislative consideration should be based on evidence relevant to the circumstances of the Australian market.114

4.128 Similarly, CPA Australia commented that while audit firm rotation may improve stakeholders' perception of auditor independence, much of the academic research on the issue has found that 'longer tenure is associated with quality and the early years of tenure with relatively lower audit quality'.115 CPA Australia also reflected on the possible application of MFR to the Australian market:

In Australia, being a relatively small capital market with companies geographically widely spread, mandatory firm rotation could result in difficulties in some companies finding a suitable auditor with the appropriate specialisations in required locations.116

Alternative solutions 4.129 While not advocating the introduction of MFR in Australia, submitters and witnesses presented other suggestions to improve transparency and clarity relating to audit firm tenure and tendering. In particular, inquiry participants

proposed additional disclosure with regard to audit firm tenure, as well as consideration of a mandated tendering regime.

Disclosure of audit tenure 4.130 The Australian Shareholders' Association argued that there should be clear disclosure in companies annual reports around the appointment and engagement of the external auditor, further asserting that 'at a bare minimum,

the date of the audit firm appointment, current audit partner’s commencement and most recent tender date should be clearly stated in the annual report'.117

114 Australian Auditing and Assurance Standards Board, Submission 22, p. 8. See also Australian

Securities and Investments Commission, Submission 16, p. 21.

115 CPA Australia, Submission 49, p. 4.

116 CPA Australia, Submission 49, pp. 4-5.

117 Australian Shareholders' Association, Submission 46, [pp. 1-2].

85

4.131 PwC also supported additional disclosure whereby companies include the length of tenure of their audit firm as well as lead partner tenure in their annual report.118

4.132 KPMG echoed this view, stating that mandating explicit disclosure of auditor tenure should be considered for the Australian market. KPMG also noted that such disclosure is mandated in the US, where PCAOB auditing standards require specific disclosure of auditor tenure in the auditor's report.119

4.133 Similarly, EY submitted:

Legislation and regulatory guidance should be developed to require a report to shareholders, as part of an annual report, by directors or the audit committee addressing auditor appointment and tenure…The ASX Corporate Governance Council might consider providing guidance on this in the absence of legislation.120

4.134 Grant Thornton also suggested the ASX's disclosure requirements as a potential avenue for increased disclosure relating to audit tenure:

…we would support amendments to the ASX Corporate Governance Disclosure requirements in relation to an explicit statement by Those Charged with Governance in cases where they have retained the same audit firm for 10 or more years in order to provide transparency on the perception of audit firm rotation.121

Mandated tendering regime 4.135 Noting a lack of evidence to support any improvements to audit quality gained through MFR, and that there are already audit partner rotation requirements in place, CPA Australia submitted that consideration:

…might be given to adopting as best practice, audit tendering at reasonable intervals. This could be done through ASX listing rules or Corporate Governance Principles and Recommendations. For example, suggesting tenders every 10 years may be worth exploring to avoid very long tenures which create a lack of independence of appearance.122

4.136 KPMG also supported consideration of a mandatory tendering regime, noting that this may increase transparency and better safeguard audit quality than MFR. However, KPMG suggested that mandatory tendering, if implemented, could take the form of a 'comply or explain' regime, where companies are

118 PwC, Submission 27, p. 20.

119 KPMG, Submission 26, p. 6.

120 EY, Submission 29, p. 15.

121 Grant Thornton, Submission 30, p. 4.

122 CPA Australia, Submission 49, p. 5.

86

required to put audits out for tender based on a certain timeline or must otherwise explain to shareholders why this has not occurred.123

4.137 The Australian Shareholders' Association also noted its support for such a regime:

[The Australian Shareholders' Association] believes that good corporate governance mandates that audit firms should be reviewed periodically and there should be a competitive tender for the external audit every 10 years (or sooner where audited accounts have been shown to be deficient, inaccurate and in breach of the accounting standards)…Beyond 10 years with the one auditor, the audit committee should disclose in the Annual Report the rationale and intentions for maintaining independence of the external auditor.124

4.138 Mr Ghandar from CA ANZ described a similar mandated tendering approach, although he suggested a longer tenure review period of 15 to 20 years:

…we would like to see that tackled through an 'if not, why not?' governance approach where boards would be tasked with reviewing their auditor's tenure at least every 15 to 20 years and, if they don't put the audit out to tender and change auditors, with explaining why that is.125

Committee view 4.139 Many of the issues raised during the inquiry appear to stem from incomplete information or presumptions. In this regard, the committee stresses the importance of distinguishing between issues that impact on audit quality 'in

fact', versus those that are a matter of perception. For example, it may be that the provision of non-audit services has no actual discernible impact on audit quality. And yet, the provision of non-audit services may impact the perception of independence which, as a consequence would impact the perception of audit quality. The committee acknowledges that perceptions are important even though they are not the same thing as an actual variation in audit quality outcomes.

4.140 The committee agrees with the majority of stakeholders that there is scope to tighten rules regarding auditor independence, particularly as it relates to the provision of non-audit services. Even if they do not materially improve audit quality, measures which enhance transparency of auditors' independence are likely to improve stakeholders' perceptions of audit quality and thereby improve confidence and trust in capital markets.

4.141 With this in mind, the committee considers that conflicts of interest and auditor independence need to be an ongoing focus area. Regulatory

123 KPMG, Submission 26, p. 6.

124 Australian Shareholders' Association, Submission 46, [p. 4].

125 Mr Amir Mostafa Ghandar, Leader, Reporting and Assurance, Chartered Accountants Australia

and New Zealand, Committee Hansard, 29 November 2019, p. 60.

87

approaches regarding auditor independence need to keep pace with changing community expectations. Indeed, extensive legislation, standards, and professional and ethical safeguards surrounding the provision of non-audit services notwithstanding, the committee is acutely aware of the concerns and expectations expressed by some stakeholders regarding auditor independence when an audit firm also provides other services to an audited entity.

4.142 The committee therefore considers it timely that further measures are undertaken with respect to the provision by an audit firm of non-audit services and auditor independence declarations. In developing and consulting on such measures, appropriate consideration should be given to the merits of reforms implemented in international jurisdictions, such as the US Sarbanes-Oxley Act of 2002.

4.143 In making the following recommendations, the committee is mindful of the need to balance concerns regarding the provision of non-audit services against the level of expertise and resources that are required to conduct the audits of large, increasingly complex entities. The committee is of the view that multidisciplinary firms with specific expertise in specialised areas are best placed to deliver high-quality audits that address the needs of modern businesses.

4.144 Further, the committee is aware that these changes have both costs and benefits. The committee has taken a prudent approach of addressing the threats to auditor independence (real and perceived), noting that there is a risk that more radical measures to enhance auditor independence could result in a trade-off in other equally important factors, such as auditor competence.

Recommendation 3

4.145 The committee recommends that the Financial Reporting Council, in partnership with ASIC, by the end of the 2020-21 financial year, oversee consultation, development and introduction under Australian standards of:

 defined categories and associated fee disclosure requirements in relation to audit and non-audit services; and  a list of non-audit services that audit firms are explicitly prohibited from providing to an audited entity.

Recommendation 4

4.146 The committee recommends that the Corporations Act 2001 be amended so that an auditor's independence declaration is expanded to require the auditor to specifically confirm that no prohibited non-audit services have been provided.

88

Recommendation 5

4.147 The committee recommends that the Australian Professional and Ethical Standards Board consider revising the APES 110 Code of Ethics to include a safeguard that no audit partner can be incentivised, through remuneration advancement or any other means or practice, for selling non-audit services to an audited entity.

4.148 Evidence to the committee noted that the implementation of mandatory firm rotation in other jurisdictions to date has been largely unsuccessful. Indeed, a number of countries have chosen to repeal their mandatory firm rotation policies or, in the case of the US, explicitly prohibit their introduction. Further, any potential repercussions of the 10-year mandatory firm rotation regime in place for PIEs in the EU are yet to be seen. On this basis, and noting the inherent costs that would be incurred through organisational disruption and losses in client knowledge, the committee considers that it would be unwise to propose such a measure be introduced in Australia.

4.149 The committee is confident that the current and proposed legislative and professional requirements on audit partner rotation and cooling-off periods are operating effectively to manage threats to auditor independence posed through longstanding auditor tenure. However, in the interests of supporting stakeholders trust and confidence in audit and, by extension, corporate governance relationships, the committee believes that transparency around auditor tenure can be improved.

4.150 The committee is of the view that introducing a requirement for disclosure of auditor tenure by corporate entities is a relatively simple and low-cost regulatory change that would have considerable benefits for stakeholder perceptions of Australia's audit market. Likewise, the committee considers that a 10-year mandatory tendering regime, under which corporate entities may elect not to undertake a public tender process as long as the reasons for not doing so are disclosed to shareholders, would strike the right balance between providing stakeholders with improved visibility of auditor-client relationships, without imposing significant regulatory burden or enforcing losses in client knowledge.

Recommendation 6

4.151 The committee recommends that the Financial Reporting Council, by the end of the 2020-21 financial year, oversee the revision and implementation of Australian standards to require audited entities to disclose auditor tenure in annual financial reports. Such disclosure should include both the length of tenure of the entity's external auditor, and of the lead audit partner.

89

Recommendation 7

4.152 The committee recommends that the Corporations Act 2001 be amended to implement a mandatory tendering regime such that entities required to have their financial reports audited under the Act must:

 undertake a public tender process every ten years; or  if an entity elects not to undertake a public tender process, the entity must provide an explanation to shareholders in its annual report as to why this has not occurred.

The committee further recommends that such a tender process be implemented by 2022 for any entity that has had the same auditor for a continuous period of ten years since 2012.

91

Chapter 5

Meeting user expectations

5.1 Consideration of the wider financial reporting framework and the roles that key stakeholders within that framework play with regard to audit quality highlights the existence of a disconnect between the regulatory requirements of an audit and auditors, and the general public's expectations regarding the functions of an audit and auditors. This apparent disconnect, widely referred to as the 'expectation gap', has been recognised within the audit profession for many years.

5.2 Indeed, in August 2002, the Joint Standing Committee on Public Accounts and Audit commented on the expectation gap in its Review of Independent Auditing by Registered Company Auditors. That report stated:

…there is a strong sense that much of the disquiet regarding apparent audit failures in cases of corporate collapses stems from an 'audit expectation gap'.

The expectations gap might be described as the misalignment between what auditors understand should, or can be delivered and what stakeholders, including the general public, expect auditors to deliver.1

5.3 Mazars reflected on how the expectation gap has influenced, and undeniably continues to influence, debate and public commentary regarding the role and quality of audit:

The expectation gap creates significant friction when considering the role and quality of audit, especially as these matters are considered and debated in the press and public forums. The audit profession has significantly increased the scope of the work required in an audit through continuing development of professional standards. Unfortunately, there remains a public understanding of the role of the auditor that is at odds with the actual role of the auditor under legislation and contractual provisions of appointment2

5.4 This chapter examines the expectation gap as it relates to perceived responsibilities to detect and prevent fraud and misconduct, and the assessment of a company's ongoing economic viability. Proposals to expand the scope of audit in order to help address the expectation gap are then explored, including a discussion of digital financial reporting as an enabler for technology-driven changes in analysis and auditing.

1 Joint Standing Committee on Public Accounts and Audit, Report 391—Review of Independent

Auditing by Registered Company Auditors, August 2002, p. 108.

2 Mazars, Submission 50, p. 3.

92

Expectations regarding fraud, misconduct and economic viability 5.5 As raised by numerous submitters and witnesses, the expectation gap is most evident with regard to financial report users' understanding of the auditor's role in preventing and detecting fraud and misconduct, and in assessing a

company's economic viability.3 The relative responsibilities of directors and management versus that of auditors in these areas are often misconstrued, and the outcomes achievable by an audit overestimated.

5.6 BDO Australia summarised in layman's terms what some users expect from an audit:

Auditors have a number of responsibilities, but the main thrust of audit is currently aimed at the financial statements. Although our responsibilities are clear in law and regulation, it is also clear that this is not readily understood by users and indeed falls short of the extent to which many of them want the auditors to be involved.

Put simply in lay terms, we believe users want auditors to be involved in: 'checking the financials are right' [currently the fundamental objective of an audit], 'checking that the control environment is sound', 'checking for management fraud', and 'giving some confidence that the company is going to continue in existence'.4

5.7 This apparent distinction between auditors' duties and public expectations was clearly demonstrated in evidence from Mr Chris George, Professional Practice Director, Oceania, EY, pertaining to the audit of payroll transactions:

Ms HAMMOND: I have one final question, in relation to a number of organisations or companies—and I'm not going to name any—who have recently been found to have been systematically underpaying employees. To what extent, under our current audit frameworks and processes—and this gets, I think, to the sampling question—could auditors have picked up on this?

Mr George: It's a good question. I think also relates to one of the recommendations we have made in our submission, around, 'Are audits meeting public expectations and the needs of users in areas broader than the financial statements?' In a typical financial statement audit, when any auditor is auditing payroll, we are making sure the transaction that has been entered into with a third party—an employee, a customer, a supplier—is recorded in the financials at the value it was transacted at. As I mentioned earlier, we have requirements around compliance with laws and regulations. They are to satisfy ourselves that the company understands what its laws and regulations are and has processes in place to deal with them. We're not required to audit those processes. When it comes to payroll we would typically make sure there is an approval of an amount of payroll being made. We're looking to see that the dollars that

3 See, for example, CPA Australia, Submission 49; EY, Submission 29; BDO Australia, Submission 31;

Professor Peter Wells, Submission 7; Professor Ken Trotman, Private capacity, Committee Hansard, 29 November 2019, pp. 57-58.

4 BDO Australia, Submission 31, p. 1.

93

have been paid to the employees have been approved appropriately. Our audit would not necessarily go to the extent of looking at awards for individual employees. We would ask questions of the company around whether they were aware of the audits they needed to comply with and that they had processes in place to do so.5

5.8 Auditors' duties in relation to the detection of fraud and misconduct are limited to that which would have a material impact on the audited entity's financial statements. Australian Auditing Standards explicitly recognise that there are inherent difficulties in an auditor's ability to detect fraud and misconduct, and that the primary responsibility for the prevention and detection fraud and non-compliance with laws and regulations rests with those charged with governance and management of an entity (see paragraphs 2.22-2.25).

5.9 Likewise, the primary responsibility for the economic viability of an entity also rests with its management and directors. An auditor's role in this respect is limited to evaluating and concluding on the appropriateness of management’s assessment of the entity’s ability to continue as a going concern (see 2.27-2.28).

5.10 In relation to this, the Group of 100 (G100) drew attention to the obligations of directors and management under the continuous disclosure regime applicable to

Australian-listed entities, the requirements of which are not a feature of most other jurisdictions. 6 The G100 submitted:

It is important to note that auditors are not responsible for opining on continuous disclosure matters—this remains the responsibility of the Board which reinforces the very salient point that ultimately it is the Board who are responsible to the shareholders for the operation of a company, for its internal controls and for its financial statements.7

Link between corporate collapse and audit 5.11 As mentioned previously, concerns about audit quality, particularly internationally, have stemmed primarily from high-profile collapses of corporate entities in recent years.8 These corporate collapses have led to

5 Mr Chris George, Professional Practice Director, Oceania, EY, Committee Hansard,

9 December 2019, p. 37.

6 ASX Listing Rule 3.1 requires that once an entity is or becomes aware of any information

concerning it that a reasonable person would expect to have a material effect on the price or value of the entity’s securities, the entity must immediately tell the ASX that information. This rule is given statutory force under section 674 of the Corporations Act.

7 Group of 100, Submission 35, p. 1. See also Mr Andrew Porter, Chair, Group of 100, Committee

Hansard, 29 November 2019, pp. 15 and 17.

8 For example, several banks and financial services corporations either collapsed or required bailing

out during the 2008 global financial crisis, including Bear Stearns, Fannie Mae, Citigroup,

94

perceptions of audit failure, or at the very least, a loss of trust in corporate reporting and audit.

5.12 Some inquiry participants sought to clarify such perceptions. For example, Professor Peter Wells submitted:

Concerns about audit quality are frequently expressed, and there are instances of perceived 'failure'. However, corporate failure should not be attributed to auditors, this is the responsibility of managers and directors. The concern here should be limited to 'financial reporting' failures and this is jointly attributable to managers, directors and auditors.9

5.13 Chartered Accountants Australia and New Zealand (CA ANZ) made the point that an auditor makes an assessment of a company's financial viability at a particular point in time and cannot predict future events. Circumstances in a company or economy can change quickly and therefore, company failure does not necessarily mean there has been an audit failure.10

5.14 Deloitte expressed the opinion that 'even the best audit cannot prevent all forms of corporate collapse', further contending that 'companies fail for many reasons, and there is no systemic, causal link between corporate failure and audit quality in Australia'.11

5.15 Mrs Jody Burton, Chief Risk Officer at Deloitte Australia, reiterated this point in later evidence, also underlining that the opinion expressed in an auditor's report is based on the particular circumstances that existed at the point in time the report was signed:

Senator O'NEILL: Deloitte was the auditor of the failed Hastie Group. When a company fails, and an auditor has signed off on the accounts, to what extent can we question the role and responsibility of the auditor?

Mrs Burton: You're quite correct. Deloitte were the auditors of Hastie. But, I think, as you've noted in relation to corporate collapse, companies fail for many reasons. Those reasons can be internal factors as well as the external environment. It can be in relation to economic conditions. It can be a disruption to the industry or the business model. It can be the strategic choices or the financial decisions made by an entity's management. We're unable to advise on those choices.

The definition of 'going concern' is essentially whether a company can pay off its debts as and when they fall due within a 12-month period. That opinion is struck at the date of signing the audit opinion by the directors of

American International Group, Lehman Brothers and Northern Rock. Halifax Bank of Scotland troubles also prompted a government rescue and a merger with Lloyds TSB. See Ian Gow and Stuart Kells, The Big Four, La Trobe University Press, 2019, pp. 122-123.

9 Professor Peter Wells, Submission 7, [p. 2].

10 Chartered Accountants Australia and New Zealand, Submission 2, p. 8.

11 Deloitte, Submission 28, p. 6.

95

the company and by the auditor. Essentially, circumstances can change after that event, so it's based on the set of circumstances that exist at the point in time.12

5.16 Professor Allan Fels AO also acknowledged there are key factors other than audit quality that may ultimately lead to corporate collapse:

Oh, yes. The main cause of corporate collapses is not typically a failure in auditing, but it can be a contributing factor. It looks bad, and the better the auditing the fewer the collapses.13

Expanding the scope of audit 5.17 Generally, efforts to address the expectation gap have focused on better educating the business community, media and other stakeholders about the role and scope of audit. However, the success of this approach has been

limited at best, and some argue that the expectation gap is in fact widening with the increasing complexity of the business environment in which the audit profession operates.

5.18 On this point, Deloitte submitted:

What society expects of business is fundamentally changing, and the kind of assurance that is needed is evolving with it. It is no longer only about what is required by standards and laws. This has driven an increasing 'expectations gap' between the role audit is intended and required to play versus the role that some expect audit to play. To that end, there is a gap between the audit product dictated by current audit and accounting standards and the expectation by some that audit provide more—from additional assurance across a business' functions to enhanced perspectives on fraud and misconduct, to judgments of long-term financial viability.

Stakeholders now look to auditors for deeper insights that focus on risk, operations and financial performance to better understand an organisation's future viability, as well as insights that contribute to a forward-looking agenda.14

5.19 While the drivers of the expectation gap are arguably a matter of perception for the most part, addressing the gap is an important factor in the debate about audit quality, as audit quality is ultimately assessed by the market through the investment decisions made. Several inquiry participants supported moving away from the usual education-based approach to addressing the expectation gap and suggested that, alternatively, expanding the scope of audit to better meet users' needs be considered.

5.20 RSM Australia, for instance, expressed the view that previous attempts to narrow the expectation gap have failed and consequently:

12 Mrs Jody Burton, Chief Risk Officer, Deloitte Australia, Committee Hansard, 9 December 2019,

pp. 46-47.

13 Professor Allan Fels AO, Private capacity, Committee Hansard, 29 November 2019, p. 5.

14 Deloitte, Submission 28, p. 10.

96

…the audit profession should consider the alternative that there may indeed be a 'delivery gap' between what an audit delivers and what the public have a right to expect. We therefore support an approach, after appropriate research, of changing the scope of an audit to better match public needs and expectations.15

5.21 Similarly, Deloitte stated that 'it is time to move beyond the effort to continue to explain to investors and broader stakeholders what they should expect', and that 'it is time to take action to address the causes driving this gap'.16

5.22 In accordance with that view, Mr Matt Graham, Managing Partner, Assurance at PricewaterhouseCoopers (PwC), commented that 'there is an opportunity there for us to, instead of talking about how wide that gap is, start to work as to how we might be able to close it'.17

5.23 KPMG also argued that there are opportunities to expand the scope of audit, noting advancements in technologies as well as auditor and specialist skills sets:

With the market rapidly changing, and expectations along with it, we believe there are opportunities to evolve the function and scope of audit. Given the rapid rise of technology and the increasing sophistication of auditor and specialist skills, there are a range of possibilities to constructively expand the role of audit and auditors where there is market demand and it is beneficial to the operation of capital markets.18

5.24 CPA Australia suggested that to address users' needs and expectations with respect to audited information, it is necessary to first identify the key users of corporate reporting, then determine users' needs and identify which are reasonable to meet, and finally identify services which could address those needs. While CPA Australia recommended a cost-benefit analysis to best determine ways in which users' needs could be met, it noted that primary needs are likely to include minimisation of unexpected corporate collapse, and prevention or early detection of fraud.19

5.25 The Financial Reporting Council (FRC) supported key stakeholders exploring how the expectation gap can be addressed. However, it noted the importance of any changes to the scope of audit being considered in light of sufficient and appropriate evidence. In particular, the FRC advised that any expansion of auditors' responsibilities to specifically consider fraud or misconduct needs to consider the cost and benefits of doing so.20

15 RSM Australia, Submission 51, [p. 3].

16 Deloitte, Submission 28, p. 10.

17 Mr Matt Graham, Managing Partner, Assurance, PwC, Committee Hansard, 9 December 2019, p. 81.

18 KPMG, Submission 26, p. 13.

19 CPA Australia, Submission 49, p. 10.

20 Financial Reporting Council, Submission 24, pp. 2 and 10.

97

5.26 Professor Wells also highlighted the increased cost associated with extending the scope of audit to include endorsement of a company's ongoing economic viability and the detection of non-material fraud or misconduct, asserting that there is no economic rationale for extending audit to include these matters. Professor Wells noted that doing so 'would impact large firms and small firms, including those where this is less problematic', and contended that 'this is more appropriately considered a function of management and directors'.21

5.27 Similarly, the G100 stressed that in considering any changes to auditors' responsibilities in relation to a company's economic viability:

Directors should not abrogate their responsibilities either in the financial statements or in continuous disclosure for informing the market and shareholders about any issues arising out of going concern. Equally, however, auditors need to be able to satisfy themselves that the going concern basis is appropriate. There may be scope for further explanation to stakeholders as to what work has been done to provide this assurance.22

Strengthened reporting on fraud and assessment of going concern 5.28 Some submitters proposed that audit and financial reporting requirements relating to the detection of fraud and management's assessment of going concern could be strengthened, thereby helping to address public expectations

through greater transparency.

5.29 For example, on the issue of detecting and preventing fraud, KPMG submitted:

We would support additional content being included in audit reports which communicates the auditor's obligations to detect or prevent fraud, and which further specifies the audit procedures undertaken to address the risk of material fraud as part of the audit.

The content should be tailored to the client based on specific knowledge of the relevant industry and avoid the use of 'boilerplate' language. Disclosures should enable a user to understand how fraud might occur, and the specific audit tests designed to enable the auditor to obtain reasonable assurance that the financial statements are free of material misstatement.23

5.30 PwC suggested that consideration be given to requiring more deliberate analysis and company reporting on going concern, as well as whether such information should be subject to audit. PwC continued:

We also see merit in exploring whether auditors should be required to always include a key audit matter on going concern in their audit reports to provide context about the auditor's views.24

21 Professor Peter Wells, Submission 7, [p. 3].

22 Group of 100, Submission 35, p. 5.

23 KPMG, Submission 26, p. 14. See also PwC, Submission 27, p. 24.

24 PwC, Submission 27, p. 24.

98

5.31 Likewise, KPMG noted its support for implementing a new reporting requirement whereby the auditor of a listed entity provides a clear statement on whether management's assessment of going concern satisfies reporting requirements and, additionally, that the auditor sets out work done in this respect. Expanding on this point, KPMG argued:

We consider the need to address public expectations through greater transparency outweighs the additional costs that would be associated with these proposals, including those arising from the need for further regulation of both companies and auditors.25

Enhanced corporate financial reporting 5.32 High-quality financial reporting and, by extension, high-quality audit, is reliant on strong internal controls over the information included in financial reports. Evidence arising from international jurisdictions suggests that

measures which enhance corporate financial reporting in respect of companies' internal controls, particularly in relation to identifying and addressing fraud risk, can have a positive impact on audit quality. Such measures effectively minimise the expectation gap by promoting a strong framework of responsibilities within the wider financial reporting ecosystem.

5.33 In the United States (US), the Sarbanes-Oxley Act of 2002 (SOX)—introduced following the high-profile collapses of the Enron and WorldCom corporations—significantly expanded focus on the responsibilities of management and directors for internal control over financial reporting. Under SOX, management of issuers of securities are required to sign off and annually report on internal controls. Specifically, as outlined by the Australian Securities and Investments Commission (ASIC), section 302 of SOX requires company management to certify that they:

(a) are responsible for establishing and maintaining internal controls; (b) have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities,

particularly during the period in which the periodic reports are being prepared; (c) have evaluated the effectiveness of the issuer’s internal controls within 90 days prior to the report; and (d) have presented in the report their conclusions about the effectiveness

of their internal controls.26

5.34 In addition to mandating these internal control procedures, section 404 of SOX requires the external auditor to report on the accuracy of company

25 KPMG, Submission 26, p. 15.

26 Australian Securities and Investments Commission, Submission 16, p. 7.

99

management's assertion that the internal controls in place on financial reporting are operational and effective.

5.35 In discussing the effectiveness of and appropriateness of Australia's current legislation and regulation in supporting audit quality, submitters and witnesses broadly supported an internal control framework similar to that implemented in the US being considered in the Australian context.27

5.36 Such an approach has also been considered in recent reviews relevant to audit quality in the United Kingdom (UK). Indeed, Sir Donald Brydon's final report of the Independent Review into the Quality and Effectiveness of Audit recommended:

That the Government gives serious consideration to mandating a UK Internal Controls Statement consisting of a signed attestation by the CEO and CFO to the Board that an evaluation of the effectiveness of the company’s internal controls over financial reporting has been completed and whether or not they were effective, as in SOX 302(c) and (d). This attestation should be received by the Board no later than 28 days before the accounts of the company for the relevant financial period are signed. The Board should then report to shareholders that it has received such an attestation.28

5.37 While of the view that there is no single 'quick-fix' solution to holistically improve audit quality, ASIC submitted that 'good corporate financial reporting controls will assist with audit quality'.29 ASIC highlighted the following points in support of possible policy reforms similar to those effected in the US under SOX:

 Evidence in the United States suggests the annual reports by management and auditors on internal controls have led to improved internal controls for processes supporting financial reporting, and to improved financial reporting and audit.

 The reports and underlying processes are likely to result in increased confidence in audited financial reports and assist companies in accessing capital.30

5.38 Grant Thornton supported measures to reinforce the role of directors and other stakeholders in the maintenance of an appropriate control environment and the preparation of high-quality financial statements. Grant Thornton elaborated:

27 See, for example, KPMG, Submission 26; Australian Securities and Investments Commission,

Submission 16; PwC, Submission 27; EY, Submission 29; Grant Thornton, Submission 30, Mazars, Submission 50.

28 Sir Donald Brydon CBE, Assess, Assure and Inform: Improving Audit Quality and Effectiveness—Report

of the Independent Review into the Quality and Effectiveness of Audit, December 2019, p. 63.

29 Australian Securities and Investments Commission, Submission 16, pp. 12-13.

30 Australian Securities and Investments Commission, Submission 16, p. 21.

100

We see the role of audit as part of a wider ecosystem where other stakeholders also have responsibilities. We note that quality has improved in the United States market with the introduction of greater responsibility and promotion of the role of directors in respect of their duties and the requirements of the auditor to report on the control environment.31

5.39 EY pointed to evidence from the US (Figure 5.1) which indicates that the level of financial statement restatements from accelerated filers32 has significantly reduced since the SOX reforms were introduced.33

Figure 5.1 Financial statement restatements from accelerated filers in the US

Source: Audit Analytics (2017 Financial Restatements), as cited in EY, Submission 29, p. 12.

5.40 Mr Gatt from Deloitte also explained this US evidence base to the committee:

Because of that focus on internal controls, we've seen that in the US the evidence base is that the quality of financial reporting has improved significantly. SOX came in in 2002 or 2003. We were talking before about ASIC's level of restatement. Here it's four to five per cent. In the US, the level of restatements of material issues peaked in 2005, as companies became used to SOX, at around 900 restatements of the listed companies. Basically, from there to 2018, that has dropped by around 85 per cent to where it's currently sitting now—about 120. By our calculations, that equates to about a 1½ per cent restatement rate. SOX has been a key part of that. Essentially management are personally accountable for the internal control system. We're not coming away from our responsibilities, but, essentially, all elements are covered.34

31 Grant Thornton, Submission 30, p. 3.

32 In the US, issuers of securities qualify as an 'accelerated filer' if they have public float of

USD $75 million or more, but less than USD $700 million. Accelerated filers are subject to shorter filing deadlines for quarterly and annual reports and are subject to some disclosure and other requirements that do not apply to non-accelerated filers.

33 EY, Submission 29, p. 12.

34 Mr Jamie Gatt, Managing Partner, Audit and Assurance, Deloitte Australia, Committee Hansard,

9 December 2019, p. 60.

101

Digital Financial Reports 5.41 The use of Digital Financial Reports (DFRs) is likely to be a significant enabler for technology-driven changes in analysis and auditing. DFRs can be read like a PDF document but also allow users, auditors and regulators to readily

extract information electronically for analysis, comparison and risk assessment. However, DFRs are not widely used in Australia, hindering potential advances in analysis and auditing.35 The limitations on DFRs in Australia and options for resolving them are discussed below.

Current status of digital financial reporting 5.42 The current format of financial reports presents substantial challenges for users, including regulators, standard-setters and professional bodies, in terms of being able to access information. Financial information is often provided as

text with variable formats, and extraction of data is time-consuming, expensive and subject to error.36 This impacts the transparency of and ease with which information is analysed.37

5.43 Some digital information can be obtained from data aggregators, who digitise the contents of financial reports once they have purchased the reports from ASIC. While many users presently send financial statements overseas to have the data extracted, the accuracy is poor. Further, the Australia Accounting Standards Board (AASB) indicated that even after the data has been extracted, additional work and expense is required to get the data into a suitable form for analysis.38

5.44 The relevant standards for DFRs appear to be in place. For example, the International Accounting Standards Board (IASB) has developed a taxonomy for tagging information in financial statements that enables the computerised extraction of financial information, referred to as 'eXtensible Business Reporting Language'.39

5.45 Further, the committee received evidence that companies already produce DFRs for other jurisdictions. DFRs have been used in the US since 2009.40 In 2018, the US Securities and Exchange Commission (SEC) issued a rule that requires registrants to use a digital format in their submissions of operating

35 Australian Securities and Investments Commission, Submission 16, p. 13.

36 Professor Peter Wells, Submission 7, [pp. 4-5].

37 CPA Australia, Submission 49, p. 5.

38 Australian Accounting Standards Board, Submission 32, pp. 12-13; Professor Peter Wells,

Submission 7, [pp. 4-5].

39 Australian Accounting Standards Board, Submission 32, pp. 12-13; Professor Peter Wells,

Submission 7, [pp. 4-5].

40 Professor Peter Wells, Private capacity, Committee Hansard, 7 February 2020, p. 10.

102

company financial statement and fund risk/return information.41 Additionally, from January 2020, the European Union (EU) will require DFRs for all companies listed on European exchanges.42

5.46 Some Australian companies are already required to use DFRs in other contexts. A number of Australian companies with securities listed in the US are now required to lodge DFRs with the US SEC.43 In Australia, the Australian Prudential Regulation Authority currently requires digital reports from banks. However, that requirement has not been extended to other companies traded on the stock exchange.44

5.47 A range of stakeholders including ASIC, the AASB, CPA Australia, and Professor Wells noted that while companies have been able to voluntarily lodge DFRs with ASIC since 2010, no DFRs have been lodged to date.45 Both ASIC and Professor Wells suggested that companies do not lodge DFRs because analysts have not updated their systems to use DFRs, and analysts are not updating their systems because no entities produce the DFRs.46

5.48 Given that voluntary use of DFRs has been available for a decade, Professor Wells suggested it would be better to legislate to require DFRs than for ASIC to make a policy or the AASB to make a standard.47

Benefits of digital financial reporting 5.49 A number of submitters and witnesses, including PwC, Deloitte, CA ANZ, and Professor Wells, supported the use of DFRs.48

5.50 Professor Wells referred to research from the US which indicates that DFRs:

41 CPA Australia, Submission 49, p. 5; Chartered Accountants Australia New Zealand, Supplementary

Submission 2.1, p. 6; See also Emeritus Professor Keith Houghton and Professor Christine Jubb, Submission 63, [p. 6].

42 Australian Securities and Investments Commission, Submission 16, p. 13. See also Chartered

Accountants Australia New Zealand, Supplementary Submission 2.1, p. 6; PwC, Submission 27, p. 26; Professor Peter Wells, Private capacity, Committee Hansard, 7 February 2020, p. 14.

43 Australian Securities and Investments Commission, Submission 16, p. 13.

44 Emeritus Professor Keith Houghton and Professor Christine Jubb, Submission 63, [p. 6].

45 Australian Securities and Investments Commission, Submission 16, p. 13; Australia Accounting

Standards Board, Submission 32, p. 12; CPA Australia, Submission 49, p. 5; Professor Peter Wells, Private capacity, Committee Hansard, 7 February 2020, p. 10.

46 Australian Securities and Investments Commission, Submission 16, p. 13; Professor Peter Wells,

Private capacity, Committee Hansard, 7 February 2020, p. 10.

47 Professor Peter Wells, Private capacity, Committee Hansard, 7 February 2020, p. 10.

48 Deloitte, Submission 28, p. 4; PwC, Submission 27, p. 26; Professor Peter Wells, Private capacity,

Committee Hansard, 7 February 2020, p. 9; Australian Securities and Investments Commission, Submission 16, p. 13.

103

 increase transparency and led to improvements in financial statement quality;  lower information processing costs for users of financial statements;  increase analyst forecast accuracy; and  improve the information efficiency of capital markets.49

5.51 Professor Wells also suggested that if Australia was to mandate DFRs, that would provide opportunities for the financial services and technology industries to develop technology and products using DFRs.50

5.52 Similarly, CA ANZ submitted that DFRs would enable more meaningful and customised reporting for stakeholders, better-informed investors, and better decision making. 51

5.53 Evidence to the committee indicated that regulators and standard setters would benefit substantially from the widespread adoption of digital financial reporting. For example, the ability to electronically extract risk assessment data would allow ASIC to more effectively target areas of risk. This would apply to audit inspections as well as other areas of ASIC's work.52

5.54 The AASB noted that DFRs assist standard-setters to research and assess the scope and potential impact of proposed changes to standards. For example, the national accounting standard-setters in the US, UK and Europe have access to digital financial report information, enabling them to analyse the costs and benefits of proposed changes to standards.53

5.55 Importantly, Professor Wells suggested there could be a substantial cost saving for regulators arising from the use of DFRs:

The cost savings for ASIC would be enormous, in terms of the supervision regime. Cost savings for users would be enormous because every major financial institution re-formats the financial statements to their own. So, instead of having to do it with 10 financial institutions, you would have just the one piece of software that they generate and does it every time. So, there would be enormous benefits to that.54

5.56 The FRC, Australian Auditing and Assurance Standards Board and AASB suggested that DFRs lodged with ASIC on the public record should be freely

49 Professor Peter Wells, Submission 7, [pp. 4-5].

50 Professor Peter Wells, Submission 7, [pp. 4-5].

51 Chartered Accountants Australia New Zealand, Supplementary Submission 2, p. 6.

52 Australian Securities and Investments Commission, Submission 16, p. 13. See also Deloitte,

Submission 28, p. 4; Professor Peter Wells, Submission 7, [pp. 4-5]; Professor Peter Wells, Private capacity, Committee Hansard, 7 February 2020, p. 9.

53 Australia Accounting Standards Board, Submission 32, pp. 3 and 12-13.

54 Professor Peter Wells, Private capacity, Committee Hansard, 7 February 2020, p. 9.

104

available to standard-setters and regulators, as it would enable them to better perform their functions.55

5.57 CPA Australia suggested that removing ASIC registry fees for access to corporate information would enable greater transparency and facilitate analysis on a timely basis.56

Costs of implementing digital financial reporting 5.58 Professor Wells argued that the costs of implementing digital financial reporting are exaggerated:

The costs, I think, are largely overstated. A lot of accounting firms use software to generate general purpose financial reports. An example would be CaseWare. If you used that software then it would be very easy for the software provider to modify the software to include tags or labels. That would automatically populate the files which are issued. That would be a relatively low-cost option because it's one software provider updating it and everyone just using it. I think the costs which have been claimed in the past are overstated these days.57

5.59 The following factors would limit the costs to business of adopting DFRs:

 the IASB has developed and propagated appropriate standards;  experience has already been gained in the US and will soon be gained in Europe; and  existing software solutions and additions could be made to existing

software.58

Committee view

Expectation gap and increasing complexity 5.60 Addressing the gap between what users of financial reports expect an auditor to provide and what auditors are required to provide under statutory obligations is no simple task. However, the committee considers it should be

explored to further strengthen trust in the system and better meet users' needs.

5.61 Numerous submitters and witnesses stated that the expectation gap is most evident with regard to the auditor's role in preventing and detecting fraud and misconduct, and in assessing a company's economic viability. Further, the relative responsibilities of directors and management versus those of auditors

55 Australia Accounting Standards Board, Submission 32, p. 13; Financial Reporting Council,

Submission 24, p. 13; Australian Auditing and Assurance Standards Board, Submission 22, p. 24.

56 Ms Claire Grayston, Policy Adviser, Audit and Assurance, CPA Australia, Committee Hansard,

7 February 2020, p. 19.

57 Professor Peter Wells, Private capacity, Committee Hansard, 7 February 2020, p. 9. See also

Chartered Accountants Australia and New Zealand, Supplementary Submission 2.1, p. 6.

58 Professor Peter Wells, Submission 7, [pp. 4-5].

105

in these areas are often misconstrued, and the outcomes achievable by an audit overestimated.

5.62 Nevertheless, any consideration of regulatory change with respect to these expectation gaps that would potentially expand the scope of audit needs to take into account the whole ecosystem of corporate governance and financial reporting, as well as who would bear the cost of any proposed policy changes.

5.63 The committee considers that the Financial Reporting Council is well-placed to oversee a formal review into these matters.

Recommendation 8

5.64 The committee recommends that the Financial Reporting Council oversee a formal review, to report by the end of the 2020-21 financial year, of the sufficiency and effectiveness of reporting requirements under the Australian standards in relation to:

 the prevention and detection of fraud; and  management's assessment of going concern.

Reporting on internal control frameworks 5.65 Evidence from several submitters and witnesses broadly supported an internal control framework, similar to that implemented in the US, being considered in the Australian context. Section 404 of the US Sarbanes-Oxley Act 2002 requires

the external auditor to report on the accuracy of company management's assertion that the internal controls in place on financial reporting are operational and effective.

5.66 The committee considers that reporting on internal control frameworks should be strengthened.

Recommendation 9

5.67 The committee recommends that the Corporations Act 2001 be amended such that entities required to have their financial reports audited under the Act must establish and maintain an internal controls framework for financial reporting. In addition, such amendments should require that:

 management evaluate and annually report on the effectiveness of the entity's internal control framework; and  the external auditor report on management's assessment of the entity's internal control framework.

Digital Financial Reporting 5.68 Evidence to the committee indicated considerable enthusiasm for the use of digital financial reporting. The committee considers the benefits of DFRs are

106

likely to substantially outweigh the costs. Evidence to the committee indicated that the widespread adoption of digital financial reporting would likely:

 increase transparency and lead to improvements in financial statement quality;  lower the information processing costs for users of financial statements;  increase the forecast accuracy undertaken by analysts; and  improve the information efficiency of capital markets.

5.69 Evidence also indicated that the costs of implementing digital financial reporting may have been exaggerated. Further, in terms of the practical steps needed to implement digital financial reporting, the committee notes that the relevant standards appear to have been developed. Moreover, the US already requires the use of digital financial reporting, with the EU poised to follow suit. This suggests there may be no practical barriers to implementing digital financial reporting in Australia.

5.70 The voluntary approach to digital financial reporting taken in Australia for the past decade has not led to any significant use of DFRs. This suggests that government may need to take proactive steps requiring the implementation of DFRs. However, the committee notes that it has not heard from a wide cross-section of entities required to produce financial reports. The committee considers that, therefore, it may be appropriate for the government to undertake a review to identify and resolve any remaining barriers to the use of DFRs, with a view to making digital financial reporting standard practice in Australia.

Recommendation 10

5.71 The committee recommends that the Australian Government take appropriate action to make digital financial reporting standard practice in Australia.

5.72 The committee notes suggestions to remove ASIC charges for access to financial reports. The committee considers that this question may be appropriate to explore once DFRs are in use. Therefore, the committee suggests that the government consider changes to access fees as part of a post-implementation review of DFRs.

Senator James Paterson Chair

107

Appendix 1

Submissions, answers to questions on notice, correspondence, additional hearing information and tabled documents

Submissions 1 Institute of Certified Management Accountants 2 Chartered Accountants Australia and New Zealand  2.1 Supplementary to submission 2

3 Mr Peter Murray 4 Name Withheld 5 Name Withheld 6 Mr Phillip Sweeney

 6.1 Supplementary to submission 6  6.2 Supplementary to submission 6

7 Professor Peter Wells 8 Adjunct Professor Michael West 9 Bentleys Australia and New Zealand 10 Name Withheld 11 Paulus Wyns 12 Mrs Diane Finlay 13 Professor Michael Bradbury and Associate Professor Bryan Howieson 14 Mrs Monica Coulson 15 The Treasury 16 Australian Securities & Investments Commission (ASIC) 17 Institute of Internal Auditors-Australia 18 IAASB-IESBA 19 Australian Charities and Not-for-profits Commission (ACNC) 20 Australian Prudential Regulation Authority (APRA) 21 Nyenrode Business University 22 Australian Auditing and Assurance Standards Board (AUASB) 23 Dr Paul Nicoll

• Response from the Department of Defence (received 24 September 2019) 24 Financial Reporting Council (FRC) 25 Dr Max Bessell, Dr Lisa Powell, Prof Paul Coram, Prof Christopher Symes  Attachment 1

26 KPMG

27 PwC

28 Deloitte Australia

108

29 EY

30 Grant Thornton Australia Limited 31 BDO Australia Ltd 32 Australian Accounting Standards Board (AASB) 33 Australian Investment Council 34 Professional Standards Councils 35 Group of 100 (G100) 36 Maurice Blackburn Lawyers 37 Australia and New Zealand Banking Group Limited (ANZ)

 37.1 Supplementary to submission 37

38 National Australia Bank (NAB) 39 Professor James Guthrie 40 Pitcher Partners 41 Companies Auditors Disciplinary Board 42 APESB Limited

 42.1 Supplementary to submission 42

43 Professor Allan Fels 44 ASX Limited  44.1 Supplementary to submission 44

45 Australian National Audit Office (ANAO) 46 Australian Shareholders' Association 47 Professor Stephen Taylor 48 Australasian Council of Auditors General

49 CPA Australia  49.1 Supplementary to submission 49

50 Mazars  Attachment 1

51 RSM Australia 52 Mrs Jan Pukallus 53 Name Withheld 54 Mr Allan Clark 55 Mr Tom Ravlic

 55.1 Supplementary to submission 55

56 Professor Ken Trotman 57 Adjunct Professor Stuart Kells, Professor Zahirul Hoque, Professor Ian Gow and Mr Scott Hamilton  57.1 Supplementary to submission 57

 57.2 Supplementary to submission 57

58 Dr Jennifer Wilson 59 Professor Robyn Moroney 60 Digital Finance Analytics

109

61 Name Withheld 62 Mr Neil Fargher 63 Emeritus Professor Keith Houghton and Professor Christine Jubb

64 Institute of Public Accountants - Deakin SME Research Centre 65 Professor Sandra van der Laan and Dr Steven Townsend 66 Australian Institute of Company Directors (AICD) 67 Australian Small Business and Family Enterprise Ombudsman 68 Dr Elizabeth Elliott 69 Mr Dennis Pukallus 70 Mr Desmond Whyte 71 Mr Russell Francis 72 Mr Christopher Miller 73 Mr Denis Thorn 74 Mrs Ann Lawler 75 Miss Xinyi Wen, Mr Per Tronnes and Associate Professor Andrew Jackson 76 Mrs Kay Christensen 77 Mr Graeme Medhurst 78 Dr Shann Turnbull 79 Mr Jeffrey Knapp

 79.1 Supplementary to submission 79

80 Ms Janet Cowden 81 Name Withheld 82 Mr Gordon Westwood 83 Mr David Stow 84 Ms Catherine Archer 85 Name Withheld 86 Name Withheld 87 Mr Martin Lock 88 Mr Ray Elliott 89 Ms Margaret Thornton 90 Dr Barbara Voss and Associate Professor David Carter 91 Ms Christine Moffat 92 Mr Brett Stevenson 93 Mr Adrian Pinkewich

 93.1 Confidential

94 Mr Bernie Bourke 95 Ms Patricia Warren 96 Mr Garth Gilbert 97 Citizens Electoral Council 98 Mr Niall Coburn 99 Dr Patrick McConnell and Dr Andrew Schmulow 100 Name Withheld 101 Mr Chris McDermott

110

102 Victims of Financial Fraud  102.1 Supplementary to submission 102  102.2 Supplementary to submission 102

103 Name Withheld 104 Ms Melissa Harrison 105 Mr Robert Butler 106 Mr George Rozvany

107 Ownership Matters Pty Ltd 108 Mr Allan Warren 109 Mr Keith Kerr 110 Ms Patricia Warren 111 Mr Gerald Jaworski

• Response from CA ANZ (received 14 January 2020) • Response from CPA Australia (received 11 December 2019)

Answer to Question on Notice 1 Australian Securities and Investments Commission - Answer to questions posed 6 September 2019 (received 11 September 2019) 2 Australian Securities and Investments Commission - Answer to questions

posed 10 October 2019 (received 25 October 2019) 3 Australian Securities and Investments Commission - Answer to questions posed 10 October 2019 (received 25 October 2019) 4 Australian Securities and Investments Commission - Answer to questions

posed 10 October 2019 (received 25 October 2019) 5 Australian Securities and Investments Commission - Answers to questions posed on 28 October 2019 (received 27 November 2019) 6 Australian Securities and Investments Commission - Answers to questions

posed on 27 November 2019 (received 27 November 2019) 7 Australian Securities and Investments Commission - Answer to questions posed 19 November 2019 (received 2 December 2019) 8 Mr Jeffrey Knapp - Answer to question posed at a public hearing on

29 November 2019 (received 2 December 2019) 9 Treasury - Answer to questions posed at a public hearing on 29 November 2019 (received 18 December 2019) 10 Financial Reporting Council - Answer to question posed at a public hearing on

29 November 2019 (received 18 December 2019) 11 Mr Ken Trotman - Ms Celia Hammond MP - Registered company auditors - from public hearing on 29 November 2019 (received 18 December 2019) 12 Australian National Audit Office - Mr Georganas - Quality assurance - public

hearing 29 November 2019 (received 19 December 2019) 13 Chartered Accountants Australia and New Zealand - Answer to questions posed at a public hearing on 29 November 2019 (received 20 December 2019)

111

14 Australian Securities and Investments Commission - Answer to questions posed 27 November 2019 (received 20 December 2019) 15 EY - Senator Whish-Wilson - Tranche 2 AML/CTF laws - public hearing 29 November 2019 (received 20 December 2019) 16 EY - Senator Whish-Wilson - Special and general purpose financial statements -

public hearing 29 November 2019 (received 20 December 2019) 17 EY - Mr Georganas - Report Westpac financial crime - public hearing 29 November 2019 (received 20 December 2019) 18 EY - Senator Whish-Wilson - Litigation overview - public hearing

29 November 2019 (received 20 December 2019) 19 Deloitte - Senator Whish-Wilson - auditor liability - public hearing 29 November 2019 (received 10 January 2020) 20 Deloitte - Senator Whish-Wilson - Corporate failure and audit quality - public

hearing 29 November 2019 (received 10 January 2020) 21 Deloitte - Senator O'Neill - ASIC Audit inspections - public hearing 29 November 2019 (received 10 January 2020) 22 Deloitte - Senator O'Neill - Work health and safety - public hearing

29 November 2019 (received 10 January 2020) 23 KPMG - Senator O'Neill - Ferrier Hodgson - public hearing 29 November 2019 (received 10 January 2020) 24 KPMG - Senator O'Neill - Work health and safety - public hearing

29 November 2019 (received 10 January 2020) 25 KPMG - Senator O'Neill - No disclosure agreements - public hearing 29 November 2019 (received 10 January 2020) 26 KPMG - Mr Georganas - Everett assignment - public hearing

29 November 2019 (received 10 January 2020) 27 KPMG - Senator O'Neill - Everett Assignment emails - public hearing 29 November 2019 (received 10 January 2020) 28 KPMG - Senator Whish-Wilson - List of corporate collapses - public hearing

29 November 2019 (received 10 January 2020) 29 KPMG - Senator Whish-Wilson - Litigation trends - public hearing 29 November 2019 (received 10 January 2020) 30 KPMG - Senator O'Neill - CPS 220 work - public hearing 29 November 2019

(received 10 January 2020) 31 KPMG - Senator O'Neill - section 311 notification statistics - public hearing 29 November 2019 (received 10 January 2020) 32 NAB - Mr Georganas - Risk division employee statistics - public hearing

9 December 2019 (received 10 January 2020) 33 PwC - Senator Whish-Wilson - ExxonMobile - Special purpose accounts - public hearing 9 December 2019 (received 12 January 2020) 34 PwC - Mr Gorman - Westpac War Room - public hearing 9 December 2019

(received 12 January 2020)

112

35 PwC - Senator O'Neill - Offshore Service centres - public hearing 9 December 2019 (received 12 January 2020) 36 PwC - Senator O'Neill - CPS 220 - public hearing 9 December 2019 (received 12 January 2020) 37 PwC - Senator O'Neill - Retirement payments - public hearing 9 December 2019

(received 12 January 2020) 38 EY - Senator O'Neill - CPS 220 proposals - Written questions from 18 December 2020 (received 16 January 2020) 39 Auditing and Assurance Standards Board - Senator Whish-Wilson - Breaches

of audit laws and standards - Written questions from 23 December 2020 (received 29 January 2020) 40 Financial Reporting Council - Senator Whish-Wilson - Retirement plan - Written questions from 23 December 2020 (received 29 January 2020) 41 Deloitte - Senator Whish-Wilson - Audit failures - Written questions

23 December 2019 (received 29 January 2020) 42 Deloitte - Senator Whish-Wilson - ASIC audit inspections - Written questions 23 December 2019 (received 29 January 2020) 43 Australian Securities and Investments Commission - Senator Whish-Wilson -

Breaches of audit laws and standards - Written questions 23 December 2019 (received 29 January 2020) 44 Deloitte - Senator Whish-Wilson - General purpose financial statements - Written questions 23 December 2019 (received 29 January 2020) 45 Deloitte - Senator Whish-Wilson - Money Laundering - Written questions

23 December 2019 (received 29 January 2020) 46 Deloitte - Senator Whish-Wilson - Prices and revenue - Written questions 23 December 2019 (received 29 January 2020) 47 Deloitte - Senator Whish-Wilson - Partner tax rates - Written questions

23 December 2019 (received 29 January 2020) 48 Deloitte - Senator Whish-Wilson - Retirement plans for former partners - Written question 23 December 2019 (received 29 January 2020) 49 Deloitte - Senator Whish-Wilson - Financial services remediation programs -

Written question 23 December 2019 (received 29 January 2020) 50 Deloitte - Senator Whish-Whilson - Government contracts - Written questions 23 Decembe 2019 UPDATED 17 February 2020 (received 29 January 2020) 51 KPMG - Senator Whish-Wilson - Audit failures - Written questions

23 December 2019 (received 30 January 2020) 52 KPMG - Senator Whish-Wilson - ASIC audit inspections - Written questions 23 December 2019 (received 30 January 2020) 53 KPMG - Senator Whish-Wilson - General purpose financial statements -

Written questions 23 December 2019 (received 30 January 2020) 54 KPMG - Senator Whish-Wilson - Money laundering - Written questions 23 December 2019 (received 30 January 2020)

113

55 KPMG - Senator Whish-Wilson - Prices and revenue - Written questions 23 December 2019 (received 30 January 2020) 56 KPMG - Senator Whish-Wilson - Partner tax rates - Written questions 23 December 2019 (received 30 January 2020) 57 KPMG - Senator Whish-Wilson - Retirement plans for former partners -

Written questions 23 December 2019 (received 30 January 2020) 58 KPMG - Senator Whish-Wilson - Financial services remediation programs - Written question 23 December 2019 (received 30 January 2020) 59 KPMG - Senator Whish-Wilson - Government contracts - Written question

23 December 2019, updated 12 February 2020 (received 30 January 2020) 60 PwC - Senator Whish-Wilson - Audit failure - Written questions 23 December 2019 (received 31 January 2020) 61 PwC - Senator Whish-Wilson - ASIC audit inspections - Written questions

23 December 2019 (received 31 January 2020) 62 PwC - Senator Whish-Wilson - General Purpose Financial Statements - Written questions 23 December 2019 (received 31 January 2020) 63 PwC - Senator Whish-Wilson - Money laundering - Written questions

23 December 2019 (received 31 January 2020) 64 PwC - Senator Whish-Wilson - Prices and revenue - Written questions 23 December 2019, including correction (received 31 January 2020) 65 PwC - Senator Whish-Wilson - Partner tax rates - Written questions

23 December 2019 (received 31 January 2020) 66 PwC - Senator Whish-Wilson - Retirement Plans for former partners - Written questions 23 December 2019 (received 31 January 2020) 67 PwC - Senator Whish-Wilson - Financial services remediation programs -

Written questions 23 December 2019 (received 31 January 2020) 68 PwC - Senator Whish-Wilson - Government contracts - Written questions 23 December 2019 (received 31 January 2020) 69 EY - Senator Whish-Wilson - Audit failure - Written questions

23 December 2019 (received 3 February 2020, further information received 21 February 2020) 70 EY - Senator Whish-Wilson - ASIC Audit Inspections - Written questions 23 December 2019 (received 3 February 2020) 71 EY - Senator Whish-Wilson - General Purpose Financial Statements - Written

questions 23 December 2019 (received 3 February 2020) 72 EY - Senator Whish-Wilson - Money laundering - Written questions 23 December 2019 (received 3 February 2020) 73 EY - Senator Whish-Wilson - Prices and revenue - Written questions

23 December 2019 (received 3 February 2020) 74 EY - Senator Whish-Wilson - Partner tax rates - Written questions 23 December 2019 (received 3 February 2020) 75 EY - Senator Whish-Wilson - Retirement plans for former partners - Written

questions 23 December 2019 (received 3 February 2020)

114

76 EY - Senator Whish-Wilson - Financial services remediation programs - Written questions 23 December 2019 (received 3 February 2020) 77 EY - Senator Whish-Wilson - Government contracts - Written questions 23 December 2019 (received 3 February 2020) 78 Australian Securities and Investments Commission - Senator Whish-Wilson -

Audit and auditor's report - Written questions 23 December 2019 (received 5 February 2020) 79 Australian Securities and Investments Commission - Senator Whish-Wilson - Auditing standards - Written questions 23 December 2019 (received

5 February 2020) 80 Australian Securities and Investments Commission - Senator Whish-Wilson - Auditing inspections - Written questions 23 December 2019 (received 5 February 2020) 81 Australian Securities and Investments Commission - Senator Whish-Wilson -

Code of ethics for professional Accountants - Written questions 23 December 2019 (received 5 February 2020) 82 Australian Securities and Investments Commission - Senator Whish-Wilson - Audit failures - Written question 23 December 2019 (received 5 February 2020) 83 Australian National Audit Office - Responses to Questions on Notice - public

hearing 7 February 2020 (received 11 February 2020) 84 CPA Australia - Answers to Questions on Notice - public hearing 7 February 2020 (received 14 February) 85 Pitcher Partners - Answer to Questions on Notice - public hearing

7 February 2020 (received 14 February 2020) 86 APESB - Prohibitions and Non-Audit Services - public hearing 7 February 2020 (received 14 February 2020) 87 APESB - Guidance on Materiality - public hearing 7 February 2020 (received

14 February 2020) 88 APESB - Technological solution for Conflicts of Interests - public hearing 7 February 2020 (received 14 February 2020) 89 APESB - Monitoring & Enforcement - public hearing 7 February 2020 (received

14 February 2020) 90 Maurice Blackburn - Answer to Questions on Notice - public hearing 7 February 2020 (received 14 February 2020) 91 Grant Thornton - Answers to Questions on Notice - public hearing

7 February 2020 (received 15 February 2020) 92 Australia Prudential Regulation Authority - public hearing 7 February 2020 (received 17 February 2020) 93 Australian Securities and Investments Commission - Corporate collapses -

written question 19 (received 14 February 2020) 94 Australian Securities and Investments Commission - Conflict of interest in ASIC - disciplinary actions - public hearing 7 February 2020 (received

14 February 2020)

115

95 Australian Securities and Investments Commission - Conflict of interest in ASIC - pension payments - public hearing 7 February 2020 (received 14 February 2020) 96 Australian Securities and Investments Commission - APRA/ASIC relationship

- public hearing 7 February 2020 (received 14 February 2020) 97 Westpac - Review of Westpac’s CPS 220 Risk Management Framework - public hearing 7 February 2020 (received 14 February 2020) 98 Westpac - Review of IFTI reporting - public hearing 7 February 2020 (received

14 February 2020) 99 Westpac - Systems and controls to monitor and report transactions - public hearing 7 February 2020 (received 14 February 2020) 100 Westpac - Financial Year 2019 Result announcement - public hearing

7 February 2020 (received 14 February 2020) 101 Westpac - Monitoring of AML/CTF - public hearing 7 February 2020 (received 14 February 2020) 102 Westpac - Review of Westpac’s Risk Management Framework - public hearing

7 February 2020 (received 14 February 2020) 103 BDO Australia - Answers to questions on notice 2 to 6 - public hearing 7 February 2020 (received 14 February 2020) 104 Westpac - 2017 CPS 220 - public hearing 7 February 2020 (received

26 February 2020)

Correspondence 1 Correspondence from the Accounting Professional & Ethical Standards Board Limited regarding evidence given by ASIC at a public hearing in Sydney on 19 November 2019 (received 27 November 2019)

2 Correspondence from the Australian Accounting Standards Board regarding evidence given at public hearings in Canberra on 29 November 2019 and Melbourne on 9 December 2019 (received 24 January 2020)

Additional Hearing Information 1 Opening statement provided by NAB at a public hearing in Melbourne on 9 December 2019. 2 Opening statement provided by EY at a public hearing in Melbourne on

9 December 2019. 3 Opening statement provided by Deloitte at a public hearing in Melbourne on 9 December 2019. 4 Opening statement provided by KPMG at a public hearing in Melbourne on

9 December 2019. 5 Opening statement provided by Dr Barbara Lima de Voss at a public hearing in Canberra on 7 February 2020.

116

Tabled Documents 1 Tabled documents: Extended opening statement of Professor Roger Simnett AO from the Auditing and Assurance Standards Board tabled at a hearing in Canberra on 29 November 2019.

2 Tabled documents: Opening statement of Mr Jeffrey Knapp tabled at a hearing in Canberra on 29 November 2019.

117

Appendix 2 Public hearings

Tuesday, 19 November 2019 The Portside Centre Level 5, 207 Kent Street Sydney

Australian Securities and Investments Commission  Mr John Price, Commissioner  Ms Cathie Armour, Commissioner  Mr Greg Yanco, Executive Director, Markets  Mr Douglas Niven, Senior Executive Leader, Financial Reporting and Audit  Mr Bruce Meagher, Senior Executive Leader, Corporate Affairs

Friday, 29 November 2019 Committee Room 2S3 Parliament House Canberra

Professor Allan Fels AO, Private capacity

Australian National Audit Office  Mr Grant Hehir, Auditor-General for Australia  Ms Rona Mellor, Deputy Auditor-General for Australia  Ms Jane Meade, Group Executive Director, Professional Services and

Relationships Group  Ms Carla Jago, Group Executive Director, Assurance Audit Services Group

Group of 100  Mr Stephen Woodhill, Chief Executive Officer

Distinguished Professor James Guthrie AM, Private capacity

Australian Accounting Standards Board  Ms Kris Peach, Chair and CEO

Australian Auditing and Assurance Standards Board  Professor Roger Simnett AO, Chair

Financial Reporting Council  Mr Bill Edge, Chair

Professor Stuart Kells, Private capacity

118

Professor Zahirul Hoque, Private capacity

Professor Ian Gow, Private capacity

Professor Ken Trotman, Private capacity

Chartered Accountants Australia and New Zealand  Mr Amir Mostafa Ghandar, Leader, Reporting & Assurance

Mr Jeffrey Knapp, Private capacity

The Treasury  Ms Kate O'Rourke, Principal Adviser, Consumer and Corporations Policy Division

Monday, 9 December 2019 Stamford Plaza Melbourne 111 Little Collins Street Melbourne

National Australia Bank  Mr Gary Lennon, Group Chief Financial Officer  Mr Shaun Dooley, Group Chief Risk Officer

EY

 Mr Tony Johnson, Chief Executive Officer and Regional Managing Partner, Oceania  Mr Glenn Carmody, Managing Partner Assurance, Oceania  Mr Chris George, Professional Practice Director, Oceania  Ms Leigh Walker, Regional Independence Leader, Oceania

Deloitte Australia  Mr Tom Imbesi, Chairman  Mr Jamie Gatt, Managing Partner, Audit and Assurance  Mrs Jody Burton, Chief Risk Officer

KPMG  Mr Andrew Yates, National Managing Partner - Audit, Assurance and Risk Consulting  Mrs Eileen Hoggett, National Partner in charge of External Audit  Mr Bernie Szentirmay, National Head of Audit Quality

PwC  Mr Matt Graham, Managing Partner Assurance  Ms Jan McCahey, Public Policy Leader

119

Friday, 7 February 2020 Committee room 2S3 Parliament House Canberra

APESB Limited  Mr Channa Wijesinghe, CEO  Ms Nancy Milne OAM, Chairman

Dr Barbara de Lima Voss, Private capacity

Professor Peter Wells, Private capacity

Professor Stephen Taylor, Private capacity

CPA Australia  Dr Gary Pflugrath, Executive General Manager, Policy and Advocacy  Ms Claire Grayston, Policy Adviser, Audit and Assurance

Grant Thornton Australia Limited  Mr Greg Keith, Chief Executive Officer  Mr Andrew Rigele, National Managing Partner, Audit and Assurance  Mr Andrew Archer, National Managing Partner, Risk and Quality  Ms Merilyn Gwan, Partner, National Assurance Quality

BDO Australia Ltd  Mr Timothy Kendall, Partner  Mrs Jane Bowen, National Leader, Audit Quality

Pitcher Partners  Mr Brendan Britten, Managing Partner  Mr Nick Bull, Partner in Charge, Business Advisory and Assurance  Mr Mark Harrison, Partner, Business Advisory and Assurance  Ms Kylee Byrne, Partner, Business Advisory and Assurance

Maurice Blackburn Lawyers  Mr Josh Mennen, Principal Lawyer

Westpac  Mr Gary Thursby, Acting Chief Financial Officer  Mr David Stephen, Chief Risk Officer

Australian Taxation Office  Mr Jeremy Hirschhorn, Acting Second Commissioner, Client Engagement Group  Ms Rebecca Saint, Acting Deputy Commissioner, Public Groups

120

Australian Securities and Investments Commission  Mr John Price, Commissioner  Mr Greg Yanco, Executive Director, Markets  Mr Doug Niven, Senior Executive Leader, Financial Reporting and Audit

Australian Prudential Regulation Authority  Ms Heidi Richards, Executive Director, Policy and Advice  Mr Peter Kohlhagen, General Manager, Advice & Approvals  Mr Robert Sharma, Head of Accounting Services