HI6026 Audit, Assurance and Compliance
1. This assignment is to be submitted in accordance with the assessment policy stated in the Unit Outline and Student Handbook. 2. It is the responsibility of the student who is submitting the work, to ensure that the work is in fact her/his own work. Incorporating another’s work or ideas into one’s own work without appropriate acknowledgement is an academic offence. Students should submit all assignments for plagiarism checking on Blackboard before final submission in the subject. For further details, please refer to the Unit Outline and Student Handbook. 3. Maximum marks available: 20 marks. Refer to marking rubric for marking criteria. 4. Assignment should be of 2,500 words. Please use “word count” and include this in the report. Presented in Calibri font size 12. 5. Due date of submission: Week 9, Friday at 12.59 p.m.
Topic: How is Enhanced Auditor Reporting being embraced in Australia?
Background and Context:
Since 2016, there has been a strong push to improve the quality of audit reporting. Listed entities now have to report on “key audit matters” and improve the way material information is communicated using “plain English”. As mentioned in the CPA Australia podcast “How is Enhanced Auditor Reporting being Embraced around the Globe?” (available at CPA Australia website)
“The IAASB’s new auditor reporting requirements commenced in December 2016. Standard setters in many jurisdictions, including Australia and New Zealand, have issued the new requirements with the same effective date, whilst others have committed to issue the standards but have not yet done so. The UK have had similar requirements in place since 2013 and some firms in other countries have early adopted the IAASB’s requirements. Jim Sylph, Cochairman of the IAASB’s Auditor Reporting Implementation Working Group, and Merran Kelsall, IAASB member and AUASB Chairman spoke to CPA Australia about the uptake and impact of enhanced auditor reporting around the globe.”
Download an annual report of an ASX listed company that is in the S&P/ASX 300 list. Review all the sections within the selected company’s annual report, which relate to the Auditor’s role in providing assurance over the entity’s financial statements and control environment. Students will need to review and analyse the following key areas included in the company’s Annual Report: Auditor’s Independence Declaration Independent auditor’s report Non-Audit services performed by the Auditor Auditors’ remuneration Role, functions and composition of the Audit Committee Independent Auditors report to the members (shareholders) Review all Key Audit Matters noted and the associated audit procedures
Based on your analysis of the auditors’ sections and other areas pertaining to the auditor, as included within the Annual Report, submit a report which summarises and evaluates the auditor’s assurance services performed for the client company. As part of your review of the assurance services provided, consider the following: Has the auditor complied with Independence requirements? If there were non-audit services provided, what was the nature of such services? Provide an analysis of the Auditor’s remuneration in a table with prior year comparisons. Include percentage changes and explanations of the remuneration. In relation to the key audit matters, which audit procedures were performed to provide assurance over each matter? Summarise and paraphrase each key audit matter. Correctly classify each audit procedure listed as: tests of controls, substantive tests of detail, substantive test of balances or analytical procedures. Is there an Audit committee? Are there any non-executive directors on the audit committee? Is there an Audit Committee Charter? If so, summarise the main points of the charter including: the structure, function and responsibilities of the Audit Committee. What type of Audit Opinion was expressed? How do the Directors’ and Management’s responsibilities differ from the Auditor’s responsibilities in relation to the financial report? Were there any material subsequent events? If so, briefly outline them and paraphrase and summarise how they were treated. As an interested third party stakeholder, make an assessment of the effectiveness of the material information reported by the Auditor in your conclusion. Consider whether there is any material information which could be missing, under-reported and/or not fully explained or disclosed in an effective way for the intended users? What follow-up questions would you ask the Auditor at the company’s Annual General Meeting?
1. Executive Summary The Executive summary should be concise and not involve too much detail. It should make commentary on the main points only and follow the sequence of the report. Write the Executive Summary after the report is completed, and once you have an overview of the whole text. The Executive Summary appears on the first page of the report. 2. Contents Page – This needs to show a logical listing of all the sub-headings of the report’s contents. 3. Introduction – A short paragraph which includes background, scope and the main points raised in order of importance. There should be a brief conclusion statement at the end of the Introduction. 4. Main Body Paragraphs with numbered sub-headings – Detailed information which elaborates on the main points raised in the Introduction. Each paragraph should begin with a clear topic sentence, then supporting sentences with facts and evidence obtained from research and finish with a concluding sentence at the end. 5. Conclusion – A logical and coherent evaluation based on a thorough and an objective assessment of the facts. Key information has been appraised from an analysis of the company’s annual report and supplementary research to support the final evaluation of the Auditor’s findings in the Annual report. 6. Appendices – Include any additional explanatory information which is supplementary and/ or graphical to help communicate the main ideas made in the report. Refer to the appendices in the main body paragraphs, as and where appropriate.
Due to several audited companies facing dilution, several independence requirements have been implemented. These requirements majorly apply to listed entities, therefore Xero Ltd., one of the ASX 300 entity has been chosen for analysis in the report. Auditor of Xero Ltd is Ernst & Young. Their meeting the relevant independence requirements has been assessed from the prospects of non-audit services and their remuneration, to reach a conclusion that they have met them. The key audit matters presented by auditor in the audit report and the measures taken by them, have been analysed. Audit committee of Xero Ltd and their responsibilities have been analysed followed by the unqualified audit opinion provided by EY. Difference between management and auditor responsibilities has been considered, along with subsequent events occurring after the balance sheet date. Material information provided by EY in the auditor report and its impact on decision of an interested third party stakeholder has been assessed. Under-reported relevant details have also been considered, along with the associated follow-up questions to the auditor. The report ends on a conclusion regarding appropriateness of audit, audit committee operations and material information.
Recent years have seen a lot of companies going down from top to drain, and major of these companies have been the ones which are audited every year. This has brought down the reputation and confidence held by people on the auditors at large. And, therefore to instil back the confidence, IAASB brought about new auditor reporting requirements. CPA also had been taking several actions to support. The report analyses the annual report of Xero Ltd, an Information Technology Sector, audited by Ernst & Young to assess auditor carrying out the relevant requirements per IAASB, in addition to ensuring their independence, while working with the client. For assessment, Auditor’s Audit Report, the Key Audit Matters described and other relevant details provided in the annual report have been considered. Also, an assessment has been done regarding Audit Committee existence and functioning in the organization.
CPA Australia provides that Auditor Independence is based upon Statement about auditor’s independence and meeting of his ethical responsibilities along with a separate declaration under Corporation Act Section 307C (CPA Australia, 2018). Paragraph 40 of ASA 700 provides that the auditor shall provide a statement to those charged with governance that the auditor has complied with all the required ethical requirements that sum up to his independence. In addition Paragraph 50 requires the auditor to make a statement about their independence in the auditor’s report. The standard not only requires them to make a statement but also identify the applicable ethical requirements (AUASB, 2015). If the annual report of Xero Ltd be analysed, in the audit report’s basis for opinion paragraph, Ernst & Young specify that they are independent of the company in accordance with the “Professional and Ethical Standard 1 (revised) Code of Ethics for Assurance Practitioners” (Annual Report, Xero Ltd, 2017). Thus, the auditor have complied with the basic independence requirement.
ASIC provides that in case the auditor provides non-audit services it can act as a conflict of interest situation for the auditor (ASIC, 2018). It routes from the fact that if an auditor provides non-audit services to the client, they cannot provide independent opinion on the financials of that client. Campa and Donnelly highlight that there are certain auditors which provide services which have direct impact on financial statements. And then when the auditor reviews those financial statement, they have this fact in their mind that the financial statements have been prepared by them, partially if not fully (Campa and Donnelly, 2016). Therefore the auditors are allowed to take only those non-audit services from their audit client, which they believe will not result in self-review situations and will allow them to provide an independent opinion.
Xero Ltd.’s management provide that any decision regarding non-audit work by the auditor requires an authorization from ARM Committee of the organization, so that those additional works do not hinder independence requirement for the auditor (Annual Report, Xero Ltd., 2017). The auditors state in their “Independent Auditors Report” that they have provided Xero with remuneration related market data, have helped them with R&D tax credit compliances and have issued a Type II Independence report on Xero’s controls in line with requirements of ISAE 3002. Also, they state that they have made a “Cloud Controls Matrix Gap Assessment” for the entity as well, along with some assurance services associated to Callaghan grant (Annual Report, Xero Ltd., 2017). If these non-audit services be analysed they are all not directly related to the financial statements, except for the remuneration data. Also, neither the management nor the auditors in the annual report, have specified the type of remuneration related market data provided by the auditors. If it merely relates to identifying relevant information and providing it to the client, which is further analysed by the client before impacting the financial statements, the auditors are still in the safe bracket within independence. All the other services are not directly or indirectly associated to financial statements, therefore they cannot be expected to result in a self-review situation. Thus, even though there are certain non-audit services which are provided by the auditor to their audit client, they are meeting the independence requirements.
Adeyemi and Okpala highlight that size of audit fees also impacts auditor’s independence. In case, where the audit firm is not too big and has small number of client, they usually become financially dependent upon the big audit client paying good fees (Adeyemi and Okpala, 2011). Below is an analysis of auditor remuneration derived by Ernst & Young from Xero Ltd.:
|(Amounts in '000)|
|Year ended 31 March||2018||2017||Difference||Difference %|
|Audit and review of financial statements||252||236||16||6.78%|
|Other Assurance Services||135||87||48||55.17%|
|Total Auditor's Remuneration||417||355||62||17.46%|
|Audit fee as a percentage of Revenue||0.10%||0.12%|
|Audit fee as a percentage of Total Assets||0.14%||0.12%|
The notes provide that other assurance services relate reporting on service organization controls and Callaghan Grant. The other services are remuneration provision data provided by Ernst & Young. There is no other detail related to auditor remuneration in the annual report or Independent Auditors Report. If it be assessed from the prospect of independence, auditor’s fee for audit services has increased by 6.78%. Audit Analytics provide that audit fees are usually either taken as a percentage of revenue or total assets by the big 4 companies. Ernst & Young is a Big 4 Company (Audit Analytics, 2014). If the audit fee be analysed from the prospect of revenue, there has been a decline in audit fees percentage, while if it is looked upon from the prospect of total assets, there is a two point increase (Annual Report, Xero Ltd, 2017). Since the total assets have not changed substantially it appears that the audit fee is based upon revenue. However it is not determinable as to why the audit fee of the company has decreased in percentile, when the revenue has increased.
ASA 701 provides that the matters which were of most significant to the audit, shall be provided by the auditor along with Independent Auditors Report as Key Audit Matters (AUASB, 2015). Ernst & Young identified two key audit matters; Capitalised Development Cost and Impairment of capitalized development costs.
Capitalized Development costs are the cost incurred by the entity to develop internal software, which includes judgment. The cost is then amortized over estimated useful life. EY choose test of details to verify the nature of certain projects, applied test of control for testing the review procedures utilized by company to review rates to capitalize payroll costs and for testing effectiveness of other controls over payroll process. The auditor further used substantive test of details while assessing capitalized costs and adequacy of disclosures.
Impairment of Capitalized Development Cost relates to impairment of the same cost capitalized by the company. For assessing impairment, Ernst & Young utilized test of details for significant changes in use of software and assessment of redundancy. The auditor further took substantive test of balances approach to test the cash flows associated with capitalized software’s. Amortization periods adequacy was checked using substantive analytical procedures, by comparing them with past experiences. EY again utilized test of details to assess significant changes in market and the disclosures related to impairment (Annual Report, Xero Ltd., 2017).
These depict that though no comment can be made about identification of key audit matters, but the auditor has taken sufficient steps to ensure that identified key audit matters are addressed properly. They have applied all the relevant assertions. While assessing capitalization of costs, they have considered accuracy, existence, completeness, and presentation & disclosure, and for determining relevancy of impairment they have considered completeness, measurement and presentation & disclosure. This provides them with proper coverage of these Key audit matters.
CPA Australia highlight that audit committee is a committee which help the board in management of internal controls and corporate governance throughout the organization. It highlights that in 2003, ASX made it a mandate that the top 300 firms listed, shall have an audit committee (CPA Australia, 2018). In line with the same, Xero Ltd also has an audit committee. The annual report provides that its name is “Audit and Risk Management Committee”. Its responsibility to assist board in overseeing three areas of risk, audit and compliance. The committee consists of three members, all of which are non-executive directors (Annual Report, Xero Ltd., 2017). Audit and Risk Management Committee at Xero Ltd have a charter which specifies that the Committee shall have at least three members, who shall be non-executive and be majorly independent. Further the chair of the Committee shall not be Chair of Board, and shall be an independent non-executive director of Xero Ltd. The functioning of the Committee will be basis committee meeting, which shall be held at the least four times in a year. Committee’s basic responsibility is to assist board. They have to monitor liquidity of the company and plans to maintain it in future. Further, the Audit and Risk Committee shall support board in relation to external auditor’s appointment, removal, re-appointment, replacement, their fees and non-audit services. The audit and risk committee shall also keep an oversight of adequacy of internal controls and risk management framework in the organization. Finally their authority is restricted to the fact that they cannot take actions on their own, unless there is a mandate from Board (Xero Ltd., 2018).
There are four types of Audit Opinions; unqualified when everything is going appropriate, qualified when there is a matter of concern, adverse when the matter is significant and disclaimer when the auditor cannot substantiate on the financial statements (Sherman, 2018). The audit opinion for Xero Ltd., by EY in unqualified. They have stated that the financial statements give a true and fair presentation of the operations of the company, as per relevant financial reporting framework (Annual Report, Xero Ltd., 2017). This means that the auditors accept that they had sufficient resources available from their own end and management’s end to carry out audit, and those audit procedures or resources resulted them in forming an opinion that the financial statements present the true operations of the company.
AU Section 110 provides financial statements are not the responsibility of auditor instead they are directors and management’s responsibilities, while merely providing an opinion on them is the responsibility of an auditor (PCAOB, 2018). Further, ASA 700 requires an auditor to specify their own responsibilities in the audit report as well (AUASB, 2015). Therefore EY in their audit report as well, specify that their responsibility is limited to provide an opinion on financial statements of Xero Ltd. (Annual Report, Xero Ltd., 2017). If it be analysed, this difference provides that irrespective of whether the management has knowledge of relevant accounting standards, it is their responsibility to ensure that the financial statement have been prepared according to applicable framework. In case there is any misstatement, the auditor is merely required to identify it applying due care, and assess its impact on their audit opinion. In case it is too relevant, they can list it out in their audit report as well, in form of other matters paragraph. Though they shall inform the management about every misstatement, they are not supposed to help them in making adjustments regarding them.
AASB 110 define that subsequent events are the events that happen after the reporting date of the entity and before the financial statements are issued. Standard requires the entities to disclose all such events which existed on the reporting date and have impact on financial statements (AASB, 2007). Xero Ltd. has not recognized any subsequent event in their annual report for 2017.
As an interested third party stakeholder, the first relevant information is opinion of the auditor. The auditor has given an unqualified opinion, which in itself instils confidence in the entity. This confidence is further supported by the fact that the auditor has stated that they are independent of the entity, and entity’s audit committee is also taking sufficient steps to ensure that the external auditor is independent. Auditor identifying key audit matters also highlight that the basic risk areas are the key audit matters. However, the management has not specified the percentage of the cost that is capitalized and the basis of such percentage. But, considering that the auditor has already assessed it, third party stakeholder can still hold confidence. If the financial statement of the company be analysed, company is making losses, and its total assets balance has also declined from the past. But the auditor report still lets one believe that the company may have potential. Thus, though not much material information has been reported by the auditor, their opinion gives confidence to the third party stakeholder.
There are two basic under-reported material information in the annual report of Xero Ltd. The first one relates to the key audit matters. Though the auditor has considered capitalized development cost as material, the financial statements or the notes do not disclose their calculation substantially. It has been provided that a percentage of cost is capitalized, but its base, the adequacy of calculation has not been provided. Further the auditor though has specified that there are certain non-audit services that they have provided. It has been left to speculation as to what will the effect of these non-audit services on financial statement. Best example relates to remuneration data. A user of financial statement will not be able to assess if the remuneration data impacts remuneration to employees in income statement or not.
The first under-reported item relates to management disclosure. Therefore the auditor can be asked about their basis of opining that the relevant disclosures associated to capitalized development cost has been made by the entity in their financials. Also the auditor can be asked to specify the impact, both direct and indirect, that they believe their non-audit services have on financial statements of the company.
The report examined annual report of Xero Ltd., and the independent auditor’s report of Ernst & Young to the group. The auditor is complying with the relevant independence requirements and the annual report highlights that the audit committee of the company is supporting auditor is maintaining it. Non-audit services of the auditor and their remuneration has been analysed. Sufficient information about these two areas have not been provided in the annual report. Key audit matters described by the auditors, their assessment have also been analysed and it is believed that the auditors took substantial measures to ensure they are appropriately dealt with. Audit committee, audit opinion, difference of management and auditor responsibilities has been discussed. Further, the material information provided by auditor has been analysed along with assessment of under-reported matter and the associated follow up questions.