The revised approach relies on an analysis of the “financial reporting chain” to select audit files for review.
Why ASIC has changed tack with audit reviews
Several recent reports have raised questions about ASIC’s audit surveillance program. As the regulator of more than 2.2 million companies, ASIC is and always will be committed to strong oversight of auditors. These companies do not just contribute hundreds of billions to our economy – they also play a vital role for millions of Australians, including their employees, mum and dad investors, and super funds entrusted with trillions of dollars in retirement savings. Almost 30,000 of these businesses are required to produce financial reports each year.
This means that transparent reporting to investors and other stakeholders on the performance of businesses, and more efficient capital allocation, has an enormous impact on millions of lives. And auditors, along with financial reporting, play a vital role in providing that.
Changes to ASIC’s audit program
ASIC’s audit surveillance program remained largely unchanged for 15 years while the world had changed around it. An internal review conducted in 2022 identified opportunities to create a stronger, more focused and effective approach that could be delivered in a more relevant, data-led and efficient way.
This is why ASIC has moved away from separate, standalone financial reporting and audit surveillance programs to an integrated “financial reporting chain” model that looks at financial reporting and audit together. It’s also why ASIC has adopted a more data-led, risk-based approach that identifies audits for surveillance from financial reporting reviews.
Audit files are generally selected for review where a concern is identified with a financial report. Because there is a strong correlation between issues in financial reporting and work done by auditors, fewer targeted audit surveillances need to be conducted in each audit firm, while still effectively identifying areas needing improvement.
As part of its new program, ASIC is actively engaging across other parts of the financial reporting chain to help improve audit quality. This work has already started: ASIC is now writing to company directors to report negative findings from audit reviews. This is with the clear expectation that directors will take appropriate action with management and auditors. ASIC will also separately conduct targeted, thematic reviews of the management systems of audit firms.
At the same time, ASIC continues its enforcement focus on auditor misconduct and will continue to take action against those who break the law. There are a number of investigations and enforcement actions underway.
Looking ahead, an information program will be rolled out to coincide with the release of the new financial reporting and audit annual report later this year.
The message is clear: ASIC is committed to improving audit quality. ASIC has enhanced its approach and adopted a more data-informed strategy to refine its selection of audits for review, making it more effective and efficient.
While no regulator can be resourced to do everything, ASIC has thought carefully about the design of the new program. As this is the first annual report for the new program, ASIC will seek feedback from stakeholders after its release on areas for improvement in the program and its report.
Greg Yanco is executive director of regulation and supervision at ASIC.