31 May 2024

For periods beginning on or after 15 Dec 2023 (effectively year ended 31 December 2024) there is a new standard for Group Audits. Early adoption is permitted, so we have proactively updated relevant templates for the new standard.

What has changed?

The problem with group audits is that often we are comparing apples with oranges. Some components are very different in size and flavour. The new standard attempts to make this easier by viewing the whole group through the lens of the whole fruit bowl, rather then getting overly obsessed with the spots on one of the bananas.

The new standard, like many revised standards coming through, is designed to align with the revised ISA 315 Risk standard, which introduced some major changes. It also aligns with the new Quality Management standards.

The new standard takes a pragmatic approach to work being done by other auditors – those doing work on components which may either be subsidiaries or parts of the overall job – like auditors performing stock-takes on behalf.

In the old standard components were regarded as significant (or not) based on defined parameters. In the new standard the whole group or overall entity is viewed as one, and risk is identified across the group as a whole. The group financial statements are assessed and work is done on elements that represent material risks from this perspective, rather than a rote audit of the whole of a component because it is judged as significant. The new standard does this by using a different definition of a component:

Component – An entity, business unit, function or business activity, or some combination thereof, determined by the group auditor for purposes of planning and performing audit procedures in a group audit. (para 14(b))

The standard emphasises the Group Engagements Partner’s (GEP) responsibilities for the whole job, effectively treating the whole audit group as one team for which the lead auditor is responsible. The GEP is to feed risk assessment to the sub-auditors and the sub-auditors are to advise the GEP of additional risks that they identify. All risk is framed in terms of ISA 315 (Revised 2019).

The standard also gives a strong nod to ISA 220 (Revised) on focussing on the resources needed for the engagement and the direction and supervision required.

How do we approach an audit that involves components?

A high level overview is as follows:

  • Identify the components.
  • Make a preliminary assessment of what sort of work will likely be required.
  • Communicate with Governance regarding the work likely to be undertaken and their involvement.
  • Identify the regulatory framework for the group.
  • Identify the organisational structure and business model.
  • Identify the group controls.
  • Assess the risks that pertain to group as a whole including risks pertaining to the consolidation process.
  • Assess Group Performance Materiality and a threshold above which misstatements identified in the component financial information are to be communicated by the component auditor to the GEP.
  • Work is then assigned to the component auditors
  • They report back on their overall findings and conclusions, plus reporting instances of material non-compliance with laws or regulations, corrected and uncorrected misstatements, indicators of possible bias, any deficiencies in the system of internal control, identified fraud or suspected fraud, and any other significant matters.
  • The GEP then assesses whether the work is adequate, discusses and records any matters that require clarification and then assesses the work of the component auditor in relationship to the group as a whole.

Conclusion

The new standard represents a common sense approach to group audit work, however there may be some changes and adjustments required by firms adopting this fresh approach for the first time.

The Requirements portion of the standard is mercifully brief (11 pages) so I suggest you read it to familarise yourself with the content. The Application and Other Explanatory Material is also easy enough to follow. Good work IAASB on what seems to be another sensible standard that will hopefully stand the test of time.

1 May 2024

The XRB recently announced a draft standard to be used where Service Performance Information (SPI) is included in a Review Engagement. This is a welcome move, as practitioners have been largely left to their own devices in these cases, with a little help from EG Au9.

The exposure draft was released in April 2024. The close-off date for submissions is 17 July 2024. What are the main points of the ED?

Objectives

Paragraph 7 states that:

“The objectives of the assurance practitioner are to:
(a) obtain limited assurance, primarily by performing enquiry, analytical procedures, and, as the assurance practitioner considers necessary in the circumstances, other procedures, about whether anything has come to their attention that the service performance information individually or collectively is not free from material misstatement, and
(b) express a limited assurance conclusion in a written report.

This is standard for Review Engagements, so enquiry and analytical review are the go-to procedures – and further work only if we are not satisfied that all is well. So nothing new here.

Letters, reports, and documentation

The terms of engagement will need to be updated to include reference to the standard, as will the review report. The practitioner will need to obtain an understanding of and document:

(a) The applicable financial reporting framework relevant to the service performance information.
(b) The process, including the rationale and logic the entity undertook to determine what elements/aspects of service performance, performance measures and/or descriptions, and measurement bases or evaluation methods and, if applicable, judgements to report.
(c) The process the entity undertook to identify the intended users of the service performance information and the level of engagement with the intended users.
(d) The measurement bases or evaluation methods used by the entity to assess the performance measures and/or descriptions and how these are made available to intended users.
(e) Changes to the elements/aspects of service performance, performance measures and/or descriptions, and the measurement bases or evaluation methods used to report its service performance compared to prior year, planned, forecast or prospective information.
(f) Where the entity intends to report its service performance information.

(para 18)

This is a bit more than what was suggested by EG Au9 but is probably necessary, and will be familiar work for those auditing SPI.

Internal Controls

The practitioner must also obtain an understanding of the internal controls over the preparation of the SPI. (para 19) This feels a bit onerous and was not part of EG Au9, however under ISRE (NZ) 2400, NZ 46.1 the practitioner is required to understand “Internal control, as it relates to the preparation of the financial statements.” So the treatment is consistent with the existing Review Engagement standard, which requires the practitioner to briefly document the controls.

Review Approach

In common with the new NZ AS1 (revised) for auditing SPI, the draft instructs the practitioner to “develop a review plan with a single review approach to concurrently cover the service performance information and the financial statements.” This is sensible.

It also follows the “Appropriate and Meaningful” language of NZ AS1 (revised). (para 24) The difference is that paragraph 24 requires the assurance practitioner to “consider” the factors rather than to “evaluate” the factors as required by the auditing standard. The Consultation Document explains that this wording implies enquiry rather than more detailed work.

The requirement to assess materiality for SPI is also similar to the audit standard. (para 25-29)

In terms of the actual work required, paragraph 30 says:

The assurance practitioner shall use the understanding obtained in paragraphs 16-19, to identify areas in the service performance information where material misstatements are likely to arise and thereby provide a basis for designing procedures to address those areas.

Without mentioning the word, this is about assessing risk and responding to that risk appropriately. This consists of using analytical review and enquiry to address all material or potentially material SPI. (para 31) As with audit work, the analytical testing includes linking SPI with the financial information. (para 33)

This begs the question: Would not all SPI, if it was “appropriate and meaningful” be material? Why would the client be reporting trivial information? And if they were for some reason for doing so, can we exclude this part of the SPI based on materiality?

Testing Controls?

We must also “consider whether the data relevant to service performance information from the entity’s information system and records are adequate for the purpose of performing the analytical procedures.” (para 32)

The problem with testing SPI from an audit perspective is that it is often unable to be tested only substantively, but is dependent on the systems that record it to produce reliable results. Systems testing is beyond the scope of a Review Engagement, so what does the standard propose if we conclude that the entity’s information system and records are not adequate for the purpose of performing the analytical procedures? Might the “additional procedures” required by paragraph 34 include testing the system to see if the results are reliable? This will need to be something at practitioners make a judgment call over, and is probably (hopefully) rare.

Conclusion

Overall the drafters of the proposed new standard have followed the tone set by NZ AS1 (revised) very closely. The difference is that the level of assurance is reduced somewhat. But in practice, for smaller entities in particular, the level of work required as compared to an audit may not be reduced that much.

If you wish to make a submission head over to the XRB and share your thoughts.

3 April 2024

For accounting periods that end on or after 28 March 2024, the threshold levels for not-for-profit entities have changed. Let’s review New Zealand’s reporting landscape while considering the changes.

A variety of reporting levels

Think of the reporting framework as a tree with two main branches – Public Benefit Entities (PBEs) and For-Profit Entities (FPEs). Some entities operate in the public sector for public benefit and some operate at the for-profit end of the scale. The needs of the readers of financial statements for for-profit entities and public-benefit entities will likely be somewhat different, so a distinction is made.

However, whether an entity is primarily for community and social benefit isn’t as clear-cut as it sounds, as most if not all entities have (hopefully) some public benefit. But the type and purpose of transactions often make the distinction clearer – many transactions are non-exchange in nature, and specialised assets are often held for which there may be no commercial market.

Not all entities want or need to trade or invest internationally or even have much of a public face at all. The NZ XRB recognised this and drew some distinctions between outward-facing entities requiring wide-scale credibility and smaller-scale local entities that will never have to be scrutinised on the international stage. Discussions of ownership, scale, public accountability, and purpose are factored into these distinctions. 

Public Benefit Entities

The Public Benefit Entities (PBE) branch of the reporting standards is somewhat easier to navigate than the For-Profit bough. If, after looking at founding documents, beneficiaries, and issues of funding we decide that the entity is indeed a PBE there are four slots of financial reporting that we can choose from.

Tier 1 – The plumpest fruit

To whom is the entity accountable? Where is the funding for the entity derived? An entity may be for public benefit but not publicly accountable – for example, a charity for helping the homeless that is funded by support from corporate sponsors.

Or an entity may be publicly accountable but for-profit rather than for public benefit – for example, banks, insurance and superannuation providers, publicly listed companies and others that trade debt or equity instruments to the public. The specific criteria are provided by the Financial Markets Conduct Act 2013 (FMC Entities) and by the IASB definition of public accountability. Anything that is publicly accountable will fall into Tier 1 – full compliance with full PBE accounting standards. 

Also falling into that basket will be large entities – defined in this case by expenditure – over $33 million over the last two periods (increased from $30 million). This size is specified by the XRB Amendments to XRB A1  document. There are only about 60 charities in this category in New Zealand. 

Tier 2 – Not so large and not accountable

PBEs that are neither publicly accountable nor with expenses over $33million are graded based simply on their expenditure level over the last two periods. Under $33million (previously $30million) but over $5million drops into Tier 2 (previously $2million). These are subject to the same PBE accounting standards as the larger entities, but with some reduced disclosure requirements concessions (“RDR”).

There are about 900 NZ charities in this category. An important point to remember is that all PBE entities, regardless of size and type, will by default go into the Tier 1 unless they elect to adopt another category. 

Tier 3 and 4 – Small in value but large in number 

Dropping into Tier 3 will be entities under the $5million expenses mark, but over $140,000. Anything under that level may fall into Tier 4. Tier 3 uses what is known as “PBE Simple Format Reporting Standard – Accrual” (PBE SFR-A). However, for accounting periods that begin on or after 1 April 2024 a new Tier 3 standard – now called  “Tier 3 (NFP) Standard –  Reporting Requirements for Tier 3 Not-for-Profit Entities” applies.

Tier 4 uses “Public Benefit Entity Simple Format Reporting – Cash” (PBE SFR-C (“C” for “cash”)).  As with Tier 3, for accounting periods that begin on or after 1 April 2024 a new Tier 3 standard – now called  “Tier 4 (NFP) Standard – Reporting Requirements for Tier 4 Not-for-Profit Entities” applies. See our article for details of the T3 and T4 changes.

Over 90% of the 27,000 NZ registered charities fall into Tier 3 and 4. The XRB has published extensive guides and Charities Services has downloadable Excel templates for completing these reports.

Impact of the threshold updates

The impact of the change in threshold between Tier 1 and 2 will be minimal. this is more or less an inflation adjustment, however, the threshold change between Tier 2 and 3 will have significant implications for preparers of financial statements and auditors. Many preparers will opt for dropping from the complex Tier 2 standards to the much more easily prepared Tier 3 standard. This will also be good news for auditors. SME-type firms that previously did not have the expertise to take on Tier 2 PBEs will feel much more comfortable taking on these jobs under Tier 3.

There will be some problems, however. Changing between Tiers will be complex in the first year. Changes in policies and restating comparatives could be tricky for auditors and preparers. Many entities may opt to continue as Tier 2 entities. We shall see…

For-Profit Entities

As noted, an entity may be publicly accountable and also for-profit rather than for public benefit – for example, banks, insurance and superannuation providers, publicly listed companies and others that trade debt or equity instruments to the public. These entities are by default Tier 1 FPE, required to comply with full NZ IFRS standards. Also, as per the PBE rules, anything with a total expenditure of over $30 million in the two preceding periods will fall into this tier, whether publicly accountable or not, captured by their sheer economic weight.

Similarly to the PBE branch, Tier 2 is only to be applied to non-publicly accountable entities, but the size criteria are a little more complex, and some other factors are considered. For Tier 1, economic impact is measured in terms of expenditure, but Tier 2 uses a definition of size based on a combination of revenue and assets. Additionally, the thresholds for assets and revenue differ depending on whether the Company (and these are likely to be companies) are locally or overseas owned.

To be “large” in terms of Tier 2, a locally owned entity must have assets exceeding $66 million or revenue exceeding $33 million. These thresholds must be reached at the balance date at each of the two preceding accounting periods. The thresholds for an overseas-owned company are lower – presumably because there is perceived to be a higher risk. Assets exceeding $22 million or revenue exceeding $11 million at the balance date at each of the two preceding accounting periods will trigger the “large” switch.

That’s not all though… if the entity is not large in the terms above but has 10 or more shareholders it is also caught in Tier 2 – unless 95% of the shareholders agree to opt out. Remember that as with PBE entities, regardless of size and type, FPEs will by default go into the Tier 1 bin unless they adopt another category.

After 1 April 2015, smaller for-profits could use NZ IFRS RDR, but so long as IRD and internal management requirements were met they were free to do what works best for them. This means that most small NZ companies, partnerships and sole traders do not need to prepare financial statements that comply with General Purpose Accounting Principles (GAAP). Of course, governance, banks and other investors need helpful information. To meet this need NZICA/CAANZ issued some optional guidelines (the SPFR for FPE framework). Entities not using these guidelines must still comply with IRD minimum reporting requirements.

Is an audit required?

Under the Accounting Infrastructure Reform Bill, charitable entities with expenditures over $1.1 million for the two preceding accounting periods must be audited. Entities with expenditures between $550,000 and $1.1 million for the two preceding accounting periods may opt for a review engagement. This work must be performed by a “qualified auditor” in compliance with the appropriate assurance standards. Under $550,000 there is no statutory requirement for audit or review unless the founding documents or funding sources require this. 

Tier 1 for-profit entities always require an audit, which makes sense, as do “large” overseas companies that are Tier 2. “Large” local companies may, in terms of Tier 2, opt out of the requirement for audit, as may smaller entities with 10 or more shareholders.

NOTE: Audit Assistant has a Financial Reporting Regime Testing Tool which may be used stand-alone, but is also incorporated into the newer templates. This has now been updated to the new thresholds, however, users will need to be mindful of the period being audited, to make sure that the results are applicable.

28 February 2024

Many firms using Audit Assistant also have specific document management systems for their wider document management and cloud storage requirements. Users have asked us what we support, and what we suggest that they use.

A recent survey of our users found an almost even split of Microsoft SharePoint, Google Workspace, FYI, Dropbox and OneDrive, with some users still just using their local server (presumably backed up). We have also noticed an upsurge in interest in SuiteFiles. Following is a quick comparison and assessment of what is out there for SME-type audit firms:

The basic tools

Many will be familiar with SharePoint. It is Microsoft’s document management and storage system. The version we generally talk about – SharePoint Online – bundles with their 365 Platform. SharePoint has been around in the cloud version of Office 365 since 2012, so it was one of the early options for storage and document management. It can be purchased for $8.10NZ /user/month and includes OneDrive file storage. Or for a little more (NZ$20.20/user/month) Microsoft 365 Business Basic also includes desktop versions of all the normal Microsoft applications plus SharePoint and Teams. Most CA firms already likely have this subscription.

While SharePoint is predominantly an online document management system and communication site, OneDrive is another Microsoft product that is commonly used for seamless online backup. Its Mac equivalent is iCloud Drive. Files saved on your OneDrive or iCloud Drive are saved both on your device and seamlessly backed up in the cloud. This is very useful if you are accessing files from more than one device and takes the drama out of remembering to do backups. As predominantly Mac users we utilise iCloud for our general document backups.

Google Workspace evolved out of Gmail, and Google’s Chrome browser which added a suite of free add-ons for document storage and collaboration. The heart of document storage and exchange was Google Drive, launched in 2012. which was then rolled in with Google Docs, Google Calendar, Google Meet, and other products to first form G-Suite now renamed Google Workspace. There are free versions – but the basic paid version ($9.00NZ/user/month) actually provides quite a lot. We use Workspace for our email management and online video meetings.

Dropbox is the go-to for large file exchange. When we were looking for something to share raw video footage with our team, we added Dropbox to our toolkit. In many ways like Google Drive, its basic plans are all about storing and exchanging large files simply.

It is worth mentioning Adobe Acrobat as an option for managing PDFs. Their digital signing and PDF manipulation tools are easy to use and industry standard. It also easily integrates with the solutions above. Cloud storage is also included. Many firms use it for annotating PDFs before attaching to Audit Assistant, and for converting PDFs to Word or Excel files if required. It starts at $30.30AU/month

Dropbox, Google Drive, iCloud Drive or OneDrive are suited to smaller businesses with limited complexity and offer simple workflows for processing day-to-day jobs. What if you need more than just storage and want to move to document and workflow management that is more specific for a professional firm?

Document management systems for Accountants

Specific document management tools aimed at Accountants and other professional firms include SuiteFiles, FYI Docs and Karbon. These all integrate with Microsoft 365. SuiteFiles and FYI Docs both also require a Microsoft Business subscription, which starts at $20.20NZ/user/month.

SuiteFiles, like Audit Assistant, is a NZ-based company. The product is designed for small and medium businesses and includes document management, a client portal, task and email management, digital signing, and full-text search for locating documents. They say that “What separates SuiteFiles from SharePoint is our easy-to-navigate interface and in-built features such as digital signing, client portals, and PDF functionality which cut out extra software subscriptions.” SuiteFiles starts at $25NZ/user/month for file storage, PDF annotation, and email integration. A downside is that there is a minimum requirement of 10 users – unnecessarily large for many small firms. The “Super Suite” includes full PDF merging and manipulation, a client portal, and digital signing. It costs $45NZ/user/month and has a minimum sign-up of 5 users. So for a smaller firm, the larger plan has more useful features and represents better value.

FYI Docs is an Australian-based document management system that also includes a practice management platform. It seems to be more client-focused – more like a CRM tool. It integrates with Xero (and requires a Xero subscription). Subscriptions start at $30NZ/user/month. The Pro version, at $50NZ/user/month, includes collaboration tools, timesheets into Xero, and some custom automation. Their Elite version, at $70NZ/user/month, includes time and billing, employee management, automatic time tracking, capacity planning and reports. All plans have a minimum of 5 users. The Elite version seems to provide a comprehensive practice management system but is marked as “coming soon” – so not available as yet.

Karbon is also worth considering. Also originating in Australasia, it is an even more comprehensive offering. It seeks to be a full practice management solution and includes a phone app. Instead of being restricted to Microsoft and Xero, it integrates with a wider variety of platforms. It contains most of the features of the tools above however it costs a bit more – $59NZ/user/month for the basic “team” plan, and $89NZ/user/month for the “business” plan.

What fits best with Audit Assistant?

Many of the features offered in these packages in terms of client collaboration and document exchange are already covered in Audit Assistant. Clients may upload documents and add information by way of shared pages and requests. This is being updated to a full client portal in our new platform currently under development.

In terms of PDF annotation, this is also currently under development and will soon be released within our existing platform. Digital signing is also in development within our new platform.

At present, some firms use our attachment link system to hyperlink from SharePoint, Google Workspace or similar so files are easily accessed during the audit work. Then at the end of the job, the files are bundled into a zip file and attached to the AA job. This will be unnecessary with the new platform where documents will be editable without downloading, utilising an integration between Audit Assistant and the firm’s Sharepoint. Our present platform can preview documents and spreadsheets, but the new version will also be able to open and update them seamlessley.

What about job management and time tracking? We currently can link our deadlines/milestones to an external calendar, which helps with managing workflow, but we do not have plans at this stage to add time tracking and budgeting tools. We have surveyed our users in the past, and this is not something that has been widely requested because of the use of standard practice management and billing systems in MYOB, Xero and similar.

In terms of team collaboration, this is already built into Audit Assistant. All work is carried out in real-time and follow-ups and review notes can be shared across the team, with instant notifications of changes. We do not add client emails to Audit Assistant because we encourage users to maintain all client interaction within the audit file by way of shared pages, requests, and documents, recognising that emails tend to be less secure. We will be developing this further in our new platform.

In addition, we will be adding more levels of reporting to show the progress of jobs by director/branch or staff member with various levels of filters. We will also be automating bulk client contacts – say sending out client information requests for a range of similar jobs.

In terms of integrations, we are working on single sign-on to simplify user management, and using Zapier to easily transfer data like contact details and milestones to and from other software, and also for pulling data from ledgers into Audit Assistant for analysis. And, as mentioned above, we will use a SharePoint integration for document editing. We are mindful however that an audit file must not have fuzzy boundaries – the final audit file must not be locked down and not able to be changed, so we keep very clear about what is inside and what is outside the audit file.

Our recommendations

Looking at external document management/practice management systems to complement Audit Assistant, we suggest that you consider the following:

  • Long-term storage – while we back up rolled-over files and attachments, our Terms of Use only guarantee three years of backups. We recommend that completed jobs are backed up onto your firm file storage system. Something like Dropbox, or even OneDrive would be fine for this purpose.
  • Word and Excel files used within your Audit Assistant file – Office 365/SharePoint will be our point of integration to enable live editing in our new platform. The completed file will then be automatically downloaded into the audit file upon completion of the job.
  • Other client documents and emails that are not part of the audit file – a client management system could be useful for this, for tracking client information and holding day-to-day interactions that are not specific to the audit documentation. Basic versions of FYI Docs or SuiteFiles would do this well.
  • Time tracking, budgeting, and billing – If you don’t already have this functionality then more advanced versions of FYI Docs, SuiteFiles, or Karbon would be suitable.

Please give us feedback on your experience with any of the products listed above, Which ones do you use? How do you find them?

8 December 2023

If you are preparing engagement letters for assurance engagements, there are some changes of which you should be aware. These are contained in PS 3: Terms of Engagement, issued by CAANZ. This applies to professional services entered into after 1 January 2024 (early adoption permitted).

What is different about the new standard to what auditors have commonly included in their engagement letters, and what updates have been made in the standard Audit Assistant templates?

The basic requirements for engagement letters are included in ISA 210 – Agreeing the Terms of Audit Engagements. Our standard built-in Audit Assistant engagement letters are based on the ISA 210 examples with some additional content (such as optional Bannerman clauses). Most of the requirements in PS 3 that pertain to audits are already covered in ISA 210, however, there are a couple of important additional pieces of information required as follows:

Basis of Fees

The letter is to identify “the basis on which fees will be calculated and clearly define the billing arrangements including specifying any consequences of nonpayment.” (para R2.4) Many firms currently include this detail in their annual Audit Planning Letter (also known as an Arrangement Letter). It now must be in the Engagement Letter and include (from Appendix 2) such things as:

  • What is the method and basis of billing (time and cost including rates, fixed fee including the scope of services covered and what services would result in additional charge, etc.).
  • When will bills be rendered (frequency and estimated timing).
  • What the payment terms are, including what happens if the client does not pay by the agreed date (i.e. whether interest and/or penalties will be charged and/or whether a lien will be asserted)
  • Whether the member will progress bill for the engagement.
  • How the member will price a change in scope.

The Appendix also states that “The member should also consider including an initial fee estimate, if possible.” If a fixed fee is being used this amount would be included. One of the implications of this change is that a fresh engagement letter may need to be issued annually. As this will depend largely on the individual firm policy and possibly be different for various clients these details may need to be added on a case-by-case basis.

We have added a standard paragraph to our latest engagement letters, (based on what is in our annual planning letters) which may be edited as required.

Services from a Service Provider

Where a member uses services from a service provider to perform their professional services for a client and the member will disclose the client’s confidential information to that service provider, the disclosure permissions required must include disclosure of (per para R2.7):

  • the identity of the service provider;
  • the service used;
  • how and where the client’s confidential information will be used and/or stored (including geographical location, where identifiable, or a statement that this geographical location cannot be identified and the reason(s) why not); and
  • any other information that is required to comply with applicable technical and professional standards. and laws and regulations.

This includes contractors and cloud-based processing or data storage services. A service provider is defined as “an individual or organisation external to the firm that provides a human, technological, or intellectual resource that is used in the performance of engagements.”

Fortunately, if you use Audit Assistant this is straightforward. All the client data is encrypted – including transfers – and maintained within Australia and NZ. No client data needs to be transferred outside of the software if the ‘sharing‘ and ‘requests‘ features are used.

We have added a paragraph to this effect under the “Ownership of and access to audit file” paragraph in our standard Engagement Letters.

Complaints policy

The engagement letter is to “… include a description of the firm’s complaints policy.” This should mirror how the firm handles complaints as per their Quality Management policies and procedures. This may include the use of mediation services. Again, this will depend largely on the individual firm policy.

We have added a basic response to our standard engagement letters as follows:

“If you have any concerns about our costs or services, please speak to the person responsible for this engagement (signed below). We have policies and procedures in place to deal appropriately with any complaints and we will do our best to resolve any issues that may arise. We suggest that any such complaint be made in writing to allow us to investigate the issue raised.”

You may edit this if you require something more bespoke.

Use and distribution of the report

If there are any restrictions on who should have access to the audit report or other outputs of the engagement, these restrictions should be clearly stated in the terms of engagement. An appropriate disclaimer should also be included. (para 11)

This is normally specified in the audit report itself, an example of which is normally attached to or quoted within the engagement letter. PS 3 states that this should be included in the letter, along with a suitable disclaimer.

We have added space into the Reporting section of our standard engagement letters for the manual insertion of any such restrictions.

Other matters

Ownership of documents and Confidentiality:

This is already included in our audit templates.

Period of application:

The period of the first financial statement is stated. Ongoing application is covered in broad terms to the effect that, “This letter will be effective for future years unless it is terminated, amended, or superseded by either ourselves or the (governing body).”

Identity of client:

The full legal name of the client and the kind of governing body should be used when setting up the audit file, so it is very clear who the legal body is that the firm is contracting with. These details carry automatically into the engagement letter within Audit Assistant. If the entity is a group the group’s legal name should be used or (and Group) be added to the client name.

Description of services:

Audit engagements are usually very clear, and this is explicit in the Objective and Scope paragraph. However, if any additional services are being provided – such as the completion of any additional reports – these should be added manually to the letter.

Client responsibilities:

Again, this is generally spelled out fairly clearly in the standard audit engagement letters, but PS 3 does recommend that if there are any critical deadlines for the supply of information this should be identified, and if there is any specific access to data permissions required that this also be included. These issues are currently covered in our annual audit planning letter, however, you may wish to manually add them in the engagement letter as well if they are critical to the work.

Independence:

This is covered in current templates.

Acceptance:

PS 3 points out that the client’s acceptance (signed and dated) is essential. This is covered in the current templates, however, firms must ensure that this is done and the signed version is attached to the audit file.

Additional recent updates to engagement letters and audit reports

In addition to the above, there has been a small update made to the wording of engagement letters and audit reports for IFRS entities due to an update in NZ IAS1 – Presentation of Financial Statements.

The wording “including a summary of significant accounting policies” must now read “including material accounting policy information.” We have updated this in relevant engagement letters and audit reports.

We have also updated our NFP engagement letters and audit reports to reference NZ AS1 (Revised) with appropriate language to reflect some terminology changes in the new Tier 3 and 4 NFP standards.

Note:

The templates in the 2024 series audit templates have been updated for the new content. Some areas need to be manually completed (marked yellow) for fee estimates and restrictions on use and distribution. The letters may also be customised on a job-by-job basis by clicking the customise button in the bottom right. You should read through the letter to make sure it is appropriate, but there should be nothing further required if you have selected the correct options where there are potential reporting variations etc.

If you are updating from an earlier template and you have used the previous engagement letter and this has been rolled forward this should be deleted and then the new version will be able to be selected.

31 October 2023

Many audit firms have their own internal policies and methodologies for setting materiality. However many of our smaller firms struggle with a consistent approach. What is best practice?

ISA 320 (para 2) describes materiality as follows:

Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.

This implies that we identify who are the likely users of the financial statements. In the case of Not-for-Profits (NPFs) this is likely to be the members of the organisation, recipients of the services provided, and those who are likely to be external funders: grant providers and perhaps lending institutions.

What will users be concerned about in NFPs?

Certainly the ongoing viability of the entity, perhaps risks around income understatement or expense overstatement. Retention of value for assets will also be important. What will not be so important? Profit may indicate the ability to continue and grow, but it is not the primary reason the entity exists. So what parts of the financial statements will most influence the economic decisions of the users?

The important element is likely to be the costs of operating the entity. If the entity is able to deliver its services in a cost-effective and sustainable manner then stakeholders will continue to support it through their membership, grants, and other investments of time and funds.

What benchmark?

This emphasis on expenditure is reflected in how, in NZ, our four-tier NFP framework is measured – based on expenditure from the prior two years. So it makes sense to use this as our benchmark. Examples of benchmarks in ISA 320 (A5) include profit before tax, total revenue, gross profit and total expenses, and total equity or net asset value. Note that some firms use an average of the benchmark over the last three years to smooth out variations. This is worth considering if there are in fact such variations.

What about a new entity?

If the entity is new, and the first period is less than twelve months, can the auditor gross up the benchmark to twelve months for the calculation? No, because materiality applies to the particular financial statements being audited – regardless of the period length. Paragraph A7 is explicit about this.

What percentage should be applied to the benchmark?

ISA 320 (A4) states that “A percentage is often applied to a chosen benchmark as a starting point in determining materiality for the financial statements as a whole.”

This is where judgment must be applied. What percentage should we use? Commonly auditors choose between 0.5% and 3.0% of revenue or expenditure for overall materiality. However, the standard makes it clear that it is a matter of professional judgement and the auditor should not be confined to specific limits.

What is performance materiality?

Paragraph A13 tells us that “Performance materiality (which, as defined, is one or more amounts) is set to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds materiality for the financial statements as a whole.

Some firms refer to this as giving materiality a “haircut.” The theory is that pure materiality is what would influence the economic decisions of the users, but what if we miss something close to materiality, or a combination of factors tips us over into materiality? So performance materiality (PM) gives us some headroom for this – providing a buffer between our theoretical critical value and working materiality so some slack is built in.

Typically firms use 75-80% of overall materiality, but the standard suggests that the auditor considers that this may be assessed on a class, balance and disclosure basis, as related to risk, previous experience, and our understanding of the entity. Commonly related parties will need to be considered with a lower PM given this disclosure is generally regarded as being qualitatively material.

How about relating to audit risk?

There is a relationship between materiality and the level of audit risk. Simply put, the higher the audit risk, the lower the materiality level that should be applied. When there is a higher risk we should be turning the magnitude of our microscope up to a higher level i.e. reducing materiality.

Risk can be different for different elements of the financial statements, so how can our materiality levels reflect this? We can do this by applying different performance materiality as above. This can also be achieved by using separate benchmarks.

For instance, an NPF has relatively low income and expenditure but high-value land and buildings. Risk is assessed as low for the assets as they do not change and are valued at cost, but expenditure has a higher risk profile. It may be appropriate to use 5% of fixed assets for those balances but 1% of expenditure for everything else.

Another method of recognising different levels of risk on different balances is applying confidence levels to testing. So for instance, the overall risk is set at 2% of expenditure, but when testing revenue and expenditure a confidence level of 0.5 is applied to reduce the sampling interval to half of PM, doubling the sample size. Conversely, a confidence level of 2.0 is applied to increase the sampling interval to twice PM to look at fewer items, because there is less perceived risk. Or we could create a combination of all of the above in a more complex job.

How is materiality applied?

There are three areas where materiality is applied as per paragraph A1.

Firstly, identifying and assessing risks of material misstatement. This involves what we look at in terms of risk. This ties into the discussion of inherent risk and control risk. We only need to consider risks that affect the financial statements, not all business risks. Then we don’t need to consider all classes, balances and disclosures, just those with a risk of material misstatement.

So when we are considering risk we should have materiality in mind. For instance, it was traditional to qualify for cash income, however with less use of cash this qualification may not be automatic. Yes, there is still a risk, but if cash receipts only. make up a tiny proportion of income, it is probably not material.

When identifying classes of transactions, a group of balances may be material in total, but not individually – for instance a series of grants. It makes sense to group these items and apply risk assessment to the group. By definition, all material balances or classes form a risk, so these should be identified and their risk profiles assessed. Even if they are low risk, if they are material they should be flagged and considered.

Don’t forget about balances or classes that are not presenting as material but have the potential to be material – understated accruals or creditors are the common examples.

Secondly, materiality is applied when determining the nature, timing and extent of further audit procedures. This is most likely to be applied when selecting a sample for testing. Again, the microscope metaphor works well. We look at a dataset through a microscope, but if that is set too low at 40x we may miss potentially material items. If it is set too high at 1000x we will be looking in too much detail – getting lost in the job and spending way too much time.

Some firms will consider all transactions over performance materiality, however, a better application of materiality to sampling is using a cumulative sampling tool with an interval based on performance materiality (adjusted for confidence level if required) to arrive at a sensible, statistically robust sample size for detailed substantive testing. Note too that the sampling interval may be adjusted if reliance is being placed on controls that have been tested, or on analytical procedures. These decisions should all be documented.

Thirdly, materiality is to be considered when evaluating the effect of misstatements on the financial statements and in forming the opinion in the auditor’s report. When we have done our testing and accumulated our audit adjustments and disclosure errors, we assess these for their materiality. If there are misstatements that the client will not adjust, then we use materiality to assess whether we need to modify our opinion in some way.

Summary – practical applications for small NFPs

Typically, in a small non-complex NFP, audit firms set an overall materiality based on expenditure and apply a materiality percentage of 2-3% unless there are serious pervasive risks. A PM of 80% is used in most cases. Then they apply PM to their substantive testing using it for their sampling interval, unless there are good reasons to adjust it – say if reliance is being placed on controls testing or analytical procedures. Balances that are already ‘proved in total’ should be excluded from this kind of sampling. So to summarise:

  • Consider the users of the financial statements and what their motivations and interests are when setting materiality.
  • Use expenditure as your main benchmark for materiality in NFPs.
  • Consider benchmark averaging – including prior years – if there have been major changes.
  • Using standard percentages of the benchmark is okay, but make sure you relate this to assessed risk.
  • Use separate confidence levels or performance materiality to adjust testing when risk is assessed as lower or higher, or reliance is being placed on controls or analytical procedures.
  • Don’t forget to document your decisions and your rationale for those decisions.
  • Balances or classes that are material – or potentially material – represent risks, so make sure they are identified and addressed.
  • Don’t over-audit by choosing materiality that is so low that nothing is being proven by your extra work.
  • Don’t under-audit by setting materiality too high – or forgetting to apply it throughout the job – so that you miss important details.
  • Document.
  • Document.
  • Document.

5 September 2023

For those who prepare and audit financial statements for “small” (under $5m expenditure) charities and other not-for-profits, there are some important changes coming up.

In New Zealand, these smaller entities are very common – there are about 30,000 of them including some soon to be included in this reporting under the Incorporated Societies Act 2022.

The Standards have a mandatory date of 1 April 2024, meaning they must be applied for accounting periods that begin on or after 1 April 2024. A Tier 3 or 4 entity may choose to apply the Standard before the mandatory date for accounting periods that end after the Standard takes effect on 15 June 2023. 

The Tier 3 standard – now called  “Tier 3 (NFP) Standard –  Reporting Requirements for Tier 3 Not-for-Profit Entities” – continues to be accrual-based. And Tier 4 – now called  “Tier 4 (NFP) Standard – Reporting Requirements for Tier 4 Not-for-Profit Entities” – is a cash-based alternative for smaller entities (under $140k expenditure).

This article focuses on the Tier 3 (NFP) standard, which tends to be much more commonly used than the cash-based standard even for many smaller entities – as it is much more like traditional reporting. We will look briefly at the Tier 4 changes at the end.

Service performance

When the standards were introduced there were no NZ reporting or auditing standards for Service Performance Information (SPI). Now we have PBE FRS 48 for Tier 1 and 2 entities, and NZ AS-1 (shortly to be NZ AS1 (Revised)) for the audit of Service Performance Information (SPI) across all the tiers.

In a way, the changes in Tier 3 are simply following the direction set by PBE FRS 48 and NZ AS-1. The terms Outcome and Output were always confusing, so these are being replaced with more descriptive terminology as per PBE FRS 48.

There is also some helpful guidance provided about what to report as SPI, and how to report it. Reporting must be (as per para A14):

  • Relevant and faithfully represented
  • Understandable
  • Timely and comparable
  • Verifiable

As such, any changes in reporting from the prior year must be explained, so there is consistency in reporting.

From an audit perspective, NZ AS-1 (Revised) is a great improvement on the previous more complex standard that now feels like a better fit for smaller entities.

Changes to standard revenue and expenditure categories

A common criticism of reporting under the existing Tier 3 standard was that the reporting categories were so broad as to be almost meaningless in some cases. The new standard splits some of the categories into smaller classifications. For instance,

  • Commercial activities are split out;
  • Grants for capital projects are split from other grants;
  • Government funding is split from non-governmental funding;
  • Donations are now clearly differentiated from membership fees and subscriptions;
  • Employee remuneration (apparently including those paid as contractors) is to be split out from volunteer and other employee expenses.

Preparers of performance reports will be able to tweak the names of the categories, but will not be allowed to add additional categories as before. (para A68) This is probably for aggregation and analysis purposes. This will make the Statement of Financial Performance more meaningful and reduce the need for extensive notes breaking down the categories.

Revenue recognition changes

The old standard was fairly inflexible in matching revenue from grants and other bequests and gifts with the use of that money. Donations with a use or return condition were recognised as the condition was fulfilled. Any income without such a condition was recognised in the period it was received.

Under the new standard, if there is a clear expectation of when funds are to be used in terms of an agreed expectation from the grantor, the revenue may be recognised as or when the conditions are satisfied. See the decision tree below which is from the standard:

This seems like a clear, common-sense response, more in line with the commonly accepted matching principle of accrual accounting.

Alternative measurement for assets

Under the old standard, if fixed assets are revalued, the Tier 2 standard must be used. The new standard allows revaluation based on say, RV (rateable value) for land and buildings, or valuation by an independent qualified valuer. (para A133) Depreciation must still be calculated on revalued assets. (para A134)

Changes are made straight to a separate property, plant and equipment revaluation reserve within accumulated funds in the Statement of Financial Position. The whole class of assets must be revalued. Once a revaluation is made there must be consistency going forward, with no changing back to other methods, and revaluation updates made on a regular schedule. (para A139)

Assets classed as investment properties may be accounted for in the same way. (para A144) Where an entity holds investments that are publicly traded, it may elect to measure that class of investment at its current market value. (para A145) It may elect to recognise gains/losses on revaluation of publicly traded investments either in revenue or expenses in the statement of financial performance, or in accumulated funds in a separate investment revaluation reserve. (para A148) 

Accumulated funds

In the old standard, there was no requirement to disclose any details of accumulated funds. The new standard says that to make information understandable to users, the balance of accumulated funds is to be aggregated and presented separately in categories, as applicable. These include any capital contributed by owners, accumulated surpluses or deficits, revaluation reserves (as above), restricted and discretionary reserves, and any other reserves. (para A175)  

For transparency, there is to be a note that discloses objectives and policies for managing accumulated funds and any plans for applying accumulated funds to meet the entity’s objectives. (para A231-A235)

This seems to be designed to make entities think about why they have significant reserves (if in fact, they do) and perhaps how they could be better using these to meet their objectives. If they view their reserves as investments, are they making the best use of their capital? Could they be meeting their objectives in more efficient ways with a redeployment of their equity?

On the other hand, many charities certainly don’t have excess cash or investments and their equity simply represents assets such as land and buildings that are essential to their service delivery. Having to make up a nice story to put into a note in these cases seems a bit pointless – and could be difficult to audit.

Simplification to the statement of cash flows

Cash flow statements are typically a headache for both preparers of financial statements and auditors. Accounting software often struggles and the results are hard to audit and hard for users to understand.

The new standard aligns the categories in the Statement of Cash Flows with the categories in the Statement of Financial Performance. The Statement of Cash Flows is to be essentially a statement of receipts and payments.

Tier 4 changes

There are a couple of changes for Tier 4 (NFP) reporting. These reflect the changes in categories for Tier 3, changing the language around outcomes and outputs, removing the need for a “Statement of Resources and Commitments” and replacing this with significant assets and significant liabilities listed in the notes. The name of “Statement of Receipts and Payments” is changed to “Statement of Cash Received and Cash Paid.”

Transition to the new standards

The changes currently being adopted to reporting for small charities (Tier 3 and 4) have been largely welcomed as positive and sensible. However, there will be some transitional issues that will present challenges to preparers and auditors, for the first year of adoption when the old standard was previously used.

Some of the key items to keep in mind are as follows:

  • Comparatives will need to be restated to line up with the new categories (unless it is impractical to do so). (para C14)
  • Revenue recognition changes will be treated as changes in accounting policy with an appropriate note. (para C15)
  • Adopting the revaluation provisions will need to be acknowledged as a change in accounting policy. (para C18)
  • An entity previously using a Tier 2 standard may continue to do so, or change to the new option, however, this will be a change of accounting policy. (para C21)

Note that there may still be the requirement to use Tier 2 standards where consolidated financial statements, investments in associates or joint ventures, or joint arrangements are involved. (para D1) It may also apply other specific standards to specific transactions. (para D2)

We have included checklists for the new standards, including transitional requirements, in our new Tier 3 and 4 (NFP) Review (2023) templates, our new Tier 3 and 4 (NFP) Audit (2023) templates, plus we have stand-alone checklists for preparers of financial statements to use.

4 September 2023

I have good news and bad news.

The good news is that the new standard for the audit of service performance (NZ AS1 (Revised)) is actually much simpler than the original standard released three years ago. The bad news is the shambles created by rushing through the original standard without proper consultation, deferring it twice, and then effectively cancelling it altogether.

Diligent auditors (and software/content developers) front-footed it and adopted NZ AS1 anyway, thinking we were doing a good thing – despite complaints from our customers about how complex it was – only for it to be deferred.

We had updated our templates and encouraged auditors that this was the way to go, knowing that it would apply sooner or later, and although the standard was a bit of an overkill for smaller entities, it seemed to fit well with its sister reporting standard for Tier 1 and 2 PBE’s – PBE FRS-48.

Those firms that muddled along using bits and pieces from ISAE (NZ) 3000 (Revised) and EG Au9 can now go straight to the new standard, without the pain of having to do that hard work. One up for procrastination!

Anyway, now that I’ve got that off my chest, what about the new standard? And why was it changed?

The XRB issued a statement in July 2023 explaining the rationale for the changes. One major issue was that the Office of the Auditor-General raised concerns regarding the suitability of NZ AS 1 for the public sector.

So the standard, while already released, was at the last minute deferred to allow time for the XRB to work with the OAG to address these concerns and consider the future application of NZ AS 1. This was after the original 12-month deferral due to COVID – which also reflected the deferral of PBE FRS-48.

PBR FRS 48 was released at a similar time to the original NZ AS1. The language was aligned – in that “service performance information” was used instead of the “outcomes” and “outputs” language of the old Tier 3 and 4 standards. I get the feeling that the original NZ AS1 was really made for large Tier 1 and 2 PBE entities without a lot of thought given to small charities.

The new standard changes the language from the complex audit-speak to friendly terms like “appropriate and meaningful.” (Para 25 describes what this means.) This is to be applied as follows:

• Are the elements/aspects of service performance that the entity has selected to report on appropriate and meaningful?
• Are the performance measures and/or descriptions the entity has used to report on what it has done in relation to those elements/aspects of service performance during the reporting period appropriate and meaningful?
• Is the measurement basis or evaluation method used to measure or evaluate the performance measure and/or description appropriate and meaningful? (para 7(a))

The questions above form the first step of the two-step process.

The second part is to assess whether the reported service performance information fairly reflects the actual service performance and is not materially misstated. (para 7(b))

To carry out this part, we need to apply our risk identification skills. The standard echoes the emphasis of ISA 315 (Revised 2019) focusing first on Inherent Risk (risk before consideration of any related controls), then Control Risk.

Then we basically just follow normal audit procedures, but include consideration of service performance information and controls when we look at things like entity and environment, regulatory framework, control systems, materiality, analytical review, and deciding how much reliance to place on controls testing, analytical review and substantive testing.

This will of course impact our documentation and the content of our engagement letters, representation letters, and audit reports, as they relate to responsibilities of governance and the auditor’s responsibilities. Our updated templates have taken all this into account.

The standard emphasises that we “…develop an audit plan with a single audit approach to concurrently cover the service performance information and the financial statements.” (para 20)

Part of the reason for this change is that since the original standard there have been a couple of other major standards released.

It seems that ISA 315 (Revised 2019) has mainly influenced the changes. Much of the language of (NZ AS1 (Revised)) is directly parallel to ISA 315 (Revised 2019) – which is a good thing.

The other influence is the new Tier 3 and 4 NFP Standards. Again they have taken out the “outcomes” and “outputs” language (which very few people actually followed or understood), and replaced it with the nice broad term “service performance information.”

When do we have to use the new NZ AS1 (Revised) standard?

NZ AS 1 (Revised) was approved for issue in July 2023. It is applicable for periods beginning on or after 1 January 2024. Note that it may be early-adopted for periods ending after 24 August 2023 – so essentially jobs ending from now. Auditors may use either the current NZ AS1 or ISAE (NZ) 3000 (Revised) until then. The following graphic is from the XRB:

To accommodate for the new standard we have (so far) reworked our latest Tier 3 and 4 (NFP) templates for both the change to the new Tier 3 and 4 (NFP) standards and also to NZ AS1 (Revised).

So, because it is not cost-effective to revise our current Tier 3 and 4 PBE templates from using NZ AS1 to NZ AS1 (Revised), then create a new set of templates for using the new Tier 3 and 4 (NFP) standards with NZ AS1 (Revised) we have added both updates into our Tier 3 (NFP) 2023 and Tier 4 (NFP) 2023 templates. Basically, if the client is using the new Tier 3 and 4 reporting, then use the new template, which will also give you NZ AS1 (Revised).

So we are suggesting that users step up to NZ AS1 (Revised) while also stepping up to the new Tier 3 and 4 (NFP) standards, by swapping to our 2023 NFP series templates (see flowchart below). Note that the new templates are marked NFP, while the existing ones are PBE. We did this to differentiate as they are all marked as 2023! We have not yet updated our Tier 1 and 2 templates for NZ AS1 (Revised). This will happen in the next month or two.

To treat this as a “…single audit approach to concurrently cover the service performance information and the financial statements…” we have integrated the service performance steps into existing pages – rather than treating them as separate pages as in the existing template. For instance Entity and Environment includes some questions related to Service Performance, as does materiality and internal control checklists. This should simplify the work considerably compared to our extant templates.

When do we get the new Tier 3 and 4 (NFP) templates?

The new Tier 3 and 4 NFP templates are up now (5 September 2023), but we are not flagging existing jobs to push to upgrade because there will still be jobs that use the old Tier 3 and 4 standards. So wait until the client adopts the new reporting standards, then update manually to the new template after rollover.

The Standards have a mandatory date of 1 April 2024, meaning the Standard must be applied for accounting periods that begin on or after 1 April 2024. However, these new standards may apply for accounting periods ending after 15 June 2023 – so any balance dates from 30 June this year may be using the new Tier 3 or 4 standards.  Hence the reason we have been pushing to update our Tier 3 and 4 audit and review templates.

We have reduced our current templates for the update to the new standards. Instead of two Tier 4 (one full ISA and one reduced for smaller entities that we call our ‘LCE’ versions), we now just have the compact version for the new NFP standard. For Tier 3, we will still have an LCE version for simpler entities and a full ISA version, but we have combined the ‘group’s’ content back into this one as well. So now there are two instead of three options.

To summarise:

30 May 2023

So we have a typical small not for profit: poor division of duties, no real controls apart from two signatories for payments, a review of financial results at irregular board meetings, and the annual Performance Report prepared by external accountants.

We know we are not relying on controls for our audit work, but that pesky ISA 315 tells us that we still have to document controls, such as they are. We must – according to paragraph 25 – obtain an understanding of the entity’s information system and communication relevant to the preparation of the financial statements, including:

  • how information flows through the entity’s information system, including how transactions are initiated, and how information about them is recorded, processed, corrected as necessary, incorporated in the general ledger and reported in the financial statements, and
  • how information about events and conditions, other than transactions, is captured, processed and disclosed in the financial statements;
  • understanding how the entity communicates significant matters that support the preparation of the financial statements and related reporting responsibilities in the information system and other components of the system of internal control so that we may
  • evaluate whether the entity’s information system and communication appropriately support the preparation of the entity’s financial statements.

How do we obtain this information? Para A136 tells us it is through various ways that may include:

  • enquiries of relevant personnel about the procedures used to initiate, record, process and report transactions or about the entity’s financial reporting process;
  • inspection of policy or process manuals or other documentation of the entity’s information system;
  • observation of the performance of the policies or procedures by the entity’s personnel; or
  • selecting transactions and tracing them through the applicable process in the information system (i.e., performing a walk-through).

Optional or required?

So does this mean that walk-through tests are one option among many? Yes and no. We are required to document the identified controls that are relevant to inherent risks that we have identified. Paragraph A125 states that we must “evaluate the design and determine whether the controls have been implemented.” Here is the catch. How can we assess whether the controls have been implemented unless we perform some sort of walk-through test?

The client may complete our internal controls checklist, send us their procedures manual, and tell us sweet stories, but as we all know, what they say they do or think they do may not be what they actually do. These procedures may have existed at some point in the past, but internal controls, like most systems, are subject to entropy over time.

Part of our work is therefore to look for changes. Paragraph A41 states that we are required to determine whether information obtained from our previous experience with the entity and from audit procedures performed in previous audits remains relevant and reliable. If circumstances have changed information from prior periods may no longer be relevant or reliable. The standard suggests that enquiries and other appropriate audit procedures, such as walk-throughs of relevant systems should be carried out.

What form can a walk-through take?

We document the system at a level appropriate to the entity, especially noting the controls. Then we check to see if the system as described is actually what they do. For instance, journals must always be given close attention. How are they initiated? Who can create journals? Who approves them? What reviews are carried out? What other means are there of making adjustments to the ledger – editing transactions say?

In this case, we would document the process, then follow one journal through from initiation to ledger, ensuring that all levels of approval and checking have in fact been followed and there is evidence of this.

This is different to a test of controls which would be spread across the period. The walk-through does not give us reliance that the controls are effective, just that we have documented them correctly. In a simple small entity, we could add this walk-through test as a narrative comment. In a more complex entity, it would make sense to create a diagram and then perhaps a spreadsheet following the transaction through the key steps and controls.

You may wish to carry out the walk-through as you have someone explaining the system and you are documenting it. For instance, you are visiting the client – a sports club say – and you ask them – show me the process for recording a bar sale? Using your phone camera you could record how a sale is initiated, how it is recorded and batched, banked, and reconciled back to the bank details in their software, and the checks and approvals required at each step. Then you could use the photos to build a visual record of how the revenue system works, with suitable narration and assessment, and attach that to your systems documentation page.

As part of going through the system with a staff member remember to be curious and ask things like: What if the bar staff are away? Who does this approval when the manager is on holiday? Do those security cameras actually work? Why is the till left open? What is done when a transaction includes more than one revenue type?

Conclusion

ISA 315 (revised 2019) focuses first on inherent risk. However, control risk is also important, especially when it relates to journals and IT systems. These must be documented at an appropriate level for the entity whether we intend to rely on the controls or not. And describing controls is not enough – we must have confidence that we are describing what actually happens. In my view, walk-through tests are the only real way to achieve this, and many audit files are lacking this important element.

17 May 2023

So, you are preparing financial statements for a Tier 3 charity – or auditing them – and the board have come up with the bright idea that they will use a revalued amount for land and buildings. The financial position will look better, so funders and members will feel that the entity is secure. What could possibly go wrong?

Quite a bit, actually. I’ve been asked to review a few of these lately and there are a number of potential pitfalls to explore. If you are auditing these kinds of statements, I hope this is a helpful guide to what to look out for.

Tier 3 – the basic rules of engagement

Table 3 of PBE SFR-A (NFP) (the Tier 3 reporting standard) states that Property, Plant and Equipment are to be recorded when purchased or donated, at cost if purchased or at current value if donated. Impairment is to be recognised if the market price of the asset falls below its carrying (book) value, or when the value of the asset to the entity is less than its carrying value if the asset is to be retained.

It is anticipated that depreciation will be charged to spread the cost of the asset – we’re talking buildings – over its useful life. Land is not to be depreciated.

There is a common misconception that buildings are not required to be depreciated – probably a carry-over from tax accounting. But Charities don’t fall under tax rules. PBE SFR-A (NFP) assumes depreciation will be charged on buildings.

Tier 3 – what to do with revaluations

PBE SFR-A (NFP) Paragraph A113 says that ‘an entity may elect to revalue a class of property, plant and equipment.’ It suggests that this will be the case where there is the likelihood of increases in value over the asset’s life – i.e. for land and buildings. If this is to be done, PBE SFR-A (NFP) tells us that we must apply the relevant requirements of PBE IPSAS 17 Property, Plant and Equipment.

What is PBE IPSAS 17? It is an international standard that applies, in New Zealand, to Tier 1 and 2 entities. So we’re playing with the big boys now. We going to have to read a ‘proper’ accounting standard. The only slight exception from the full PBE allowed under PBE SFR-A (NFP) is that the entity may use the current rateable or government valuation rather than ‘fair value’ as required by PBE IPSAS 17 when revaluing.

What are the implications? Firstly that disclosure must be made that PBE IPSAS 17 has been adopted for land and buildings. There should also be a change in accounting policy note when first adopted. Auditors should also note in their report that the Performance Report is prepared using PBE SFR-A (NFP) with PBE IPSAS 17 applied to the revaluation of land and buildings.

PBE IPSAS 17 – what’s required?

Paragraph 44 tells us that the carrying value of a revalued asset shall be its revalued amount, less any subsequent depreciation and impairment losses. Revaluations are to be made ‘with sufficient regularity to ensure that the carrying amount does not differ materially from that which would be determined using fair value at the reporting date.’

As we have said, many Tier 3 charities will use current rateable or government valuation. This is fine. If not the standard allows market-based appraisals to be used. In some cases depreciated replacement cost may be appropriate – say where there is a building on leasehold land. Some additional points to note:

  • If an item of property is revalued, the entire class of property to which that asset belongs shall be revalued. (para 51)
  • Land is one class, and Buildings are another class. (para 52)
  • This means that you can’t just value one bit of land or one building – you have to revalue all land holdings or all buildings at the same time. (para 53)
  • The increase from the revaluation must be recognised in ‘other comprehensive revenue and expense’ and accumulated in ‘net assets/equity’ under the heading of revaluation surplus. (para 54)

Remember that land is not to be depreciated, but buildings are – including depreciating the revaluation of buildings. So you will need to identify which part of the revaluation relates to land and which part to buildings.

The accounting treatment of the revaluation

A couple of problems arise here for Tier 3 entities. One is that they do not have an ‘other comprehensive revenue and expense’ category. The other relates to revaluation reserves.

PBE SFR-A (NFP) A143 states that there are two kinds of reserves; ‘Restricted reserves’ which may be used only for a particular purpose such as terms agreed with a donor, and ‘Discretionary reserves’ created by a transfer from accumulated funds to set aside resources for a particular purpose. Neither of these could pass as revaluation reserves.

There are two options. One is to bury the revaluation in accumulated funds. The second is to assume that if we are applying PBE IPSAS 17 it’s okay for us to break the letter of the Tier 3 law and make a revaluation reserve. I think this is the most sensible option, and the proposed changes to the Tier 3 standard obviously recognise the problem and assume the use of a revaluation reserve.

What about whether to record the revaluation through the Statement of Financial Performance or put it directly to Equity? Again I think that we are justified in adding to our Tier 3 rules by including an additional section in our Statement of Financial Performance – below the operating surplus or deficit – for the revaluation gain. Charities Services encourage this treatment. However, the updates to Tier 3 will allow the transfer of the surplus directly to reserves. So for now it is probably more correct to put through the Statement of Financial Performance – but ‘below the line.’

To revalue or not?

For entities who decide to use valuations for land and buildings, there will be some extra complexity and disclosure required. Extra notes will be needed, including details of the valuer, their qualifications, the date of valuation and the revaluation cycle. Depreciation will need to be calculated from the date of revaluation on the amount attributed to buildings. And auditors will need to assess all these things.

Note that there are proposed changes to the Tier 3 standard that do allow for revaluation to be done without having to move to PBE IPSAS 17. These are not far away.* See our commentary here. So if you are preparing financial statements for a Tier 3 entity you might want to consider waiting a while before revaluing, and just disclose the latest valuation by way of note.

*The new Tier 3 (NFP) Standard sets out the requirements that Tier 3 NFP entities are required to follow when preparing their annual performance reports. This Standard is required to be applied for accounting periods that begin on or after 1 April 2024. Earlier application is permitted for accounting periods that end after the Standard takes effect on 15 June 2023.