31 October 2023

Many audit firms have their own internal policies and methodologies for setting materiality. However many of our smaller firms struggle with a consistent approach. What is best practice?

ISA 320 (para 2) describes materiality as follows:

Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.

This implies that we identify who are the likely users of the financial statements. In the case of Not-for-Profits (NPFs) this is likely to be the members of the organisation, recipients of the services provided, and those who are likely to be external funders: grant providers and perhaps lending institutions.

What will users be concerned about in NFPs?

Certainly the ongoing viability of the entity, perhaps risks around income understatement or expense overstatement. Retention of value for assets will also be important. What will not be so important? Profit may indicate the ability to continue and grow, but it is not the primary reason the entity exists. So what parts of the financial statements will most influence the economic decisions of the users?

The important element is likely to be the costs of operating the entity. If the entity is able to deliver its services in a cost-effective and sustainable manner then stakeholders will continue to support it through their membership, grants, and other investments of time and funds.

What benchmark?

This emphasis on expenditure is reflected in how, in NZ, our four-tier NFP framework is measured – based on expenditure from the prior two years. So it makes sense to use this as our benchmark. Examples of benchmarks in ISA 320 (A5) include profit before tax, total revenue, gross profit and total expenses, and total equity or net asset value. Note that some firms use an average of the benchmark over the last three years to smooth out variations. This is worth considering if there are in fact such variations.

What about a new entity?

If the entity is new, and the first period is less than twelve months, can the auditor gross up the benchmark to twelve months for the calculation? No, because materiality applies to the particular financial statements being audited – regardless of the period length. Paragraph A7 is explicit about this.

What percentage should be applied to the benchmark?

ISA 320 (A4) states that “A percentage is often applied to a chosen benchmark as a starting point in determining materiality for the financial statements as a whole.”

This is where judgment must be applied. What percentage should we use? Commonly auditors choose between 0.5% and 3.0% of revenue or expenditure for overall materiality. However, the standard makes it clear that it is a matter of professional judgement and the auditor should not be confined to specific limits.

What is performance materiality?

Paragraph A13 tells us that “Performance materiality (which, as defined, is one or more amounts) is set to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds materiality for the financial statements as a whole.

Some firms refer to this as giving materiality a “haircut.” The theory is that pure materiality is what would influence the economic decisions of the users, but what if we miss something close to materiality, or a combination of factors tips us over into materiality? So performance materiality (PM) gives us some headroom for this – providing a buffer between our theoretical critical value and working materiality so some slack is built in.

Typically firms use 75-80% of overall materiality, but the standard suggests that the auditor considers that this may be assessed on a class, balance and disclosure basis, as related to risk, previous experience, and our understanding of the entity. Commonly related parties will need to be considered with a lower PM given this disclosure is generally regarded as being qualitatively material.

How about relating to audit risk?

There is a relationship between materiality and the level of audit risk. Simply put, the higher the audit risk, the lower the materiality level that should be applied. When there is a higher risk we should be turning the magnitude of our microscope up to a higher level i.e. reducing materiality.

Risk can be different for different elements of the financial statements, so how can our materiality levels reflect this? We can do this by applying different performance materiality as above. This can also be achieved by using separate benchmarks.

For instance, an NPF has relatively low income and expenditure but high-value land and buildings. Risk is assessed as low for the assets as they do not change and are valued at cost, but expenditure has a higher risk profile. It may be appropriate to use 5% of fixed assets for those balances but 1% of expenditure for everything else.

Another method of recognising different levels of risk on different balances is applying confidence levels to testing. So for instance, the overall risk is set at 2% of expenditure, but when testing revenue and expenditure a confidence level of 0.5 is applied to reduce the sampling interval to half of PM, doubling the sample size. Conversely, a confidence level of 2.0 is applied to increase the sampling interval to twice PM to look at fewer items, because there is less perceived risk. Or we could create a combination of all of the above in a more complex job.

How is materiality applied?

There are three areas where materiality is applied as per paragraph A1.

Firstly, identifying and assessing risks of material misstatement. This involves what we look at in terms of risk. This ties into the discussion of inherent risk and control risk. We only need to consider risks that affect the financial statements, not all business risks. Then we don’t need to consider all classes, balances and disclosures, just those with a risk of material misstatement.

So when we are considering risk we should have materiality in mind. For instance, it was traditional to qualify for cash income, however with less use of cash this qualification may not be automatic. Yes, there is still a risk, but if cash receipts only. make up a tiny proportion of income, it is probably not material.

When identifying classes of transactions, a group of balances may be material in total, but not individually – for instance a series of grants. It makes sense to group these items and apply risk assessment to the group. By definition, all material balances or classes form a risk, so these should be identified and their risk profiles assessed. Even if they are low risk, if they are material they should be flagged and considered.

Don’t forget about balances or classes that are not presenting as material but have the potential to be material – understated accruals or creditors are the common examples.

Secondly, materiality is applied when determining the nature, timing and extent of further audit procedures. This is most likely to be applied when selecting a sample for testing. Again, the microscope metaphor works well. We look at a dataset through a microscope, but if that is set too low at 40x we may miss potentially material items. If it is set too high at 1000x we will be looking in too much detail – getting lost in the job and spending way too much time.

Some firms will consider all transactions over performance materiality, however, a better application of materiality to sampling is using a cumulative sampling tool with an interval based on performance materiality (adjusted for confidence level if required) to arrive at a sensible, statistically robust sample size for detailed substantive testing. Note too that the sampling interval may be adjusted if reliance is being placed on controls that have been tested, or on analytical procedures. These decisions should all be documented.

Thirdly, materiality is to be considered when evaluating the effect of misstatements on the financial statements and in forming the opinion in the auditor’s report. When we have done our testing and accumulated our audit adjustments and disclosure errors, we assess these for their materiality. If there are misstatements that the client will not adjust, then we use materiality to assess whether we need to modify our opinion in some way.

Summary – practical applications for small NFPs

Typically, in a small non-complex NFP, audit firms set an overall materiality based on expenditure and apply a materiality percentage of 2-3% unless there are serious pervasive risks. A PM of 80% is used in most cases. Then they apply PM to their substantive testing using it for their sampling interval, unless there are good reasons to adjust it – say if reliance is being placed on controls testing or analytical procedures. Balances that are already ‘proved in total’ should be excluded from this kind of sampling. So to summarise:

  • Consider the users of the financial statements and what their motivations and interests are when setting materiality.
  • Use expenditure as your main benchmark for materiality in NFPs.
  • Consider benchmark averaging – including prior years – if there have been major changes.
  • Using standard percentages of the benchmark is okay, but make sure you relate this to assessed risk.
  • Use separate confidence levels or performance materiality to adjust testing when risk is assessed as lower or higher, or reliance is being placed on controls or analytical procedures.
  • Don’t forget to document your decisions and your rationale for those decisions.
  • Balances or classes that are material – or potentially material – represent risks, so make sure they are identified and addressed.
  • Don’t over-audit by choosing materiality that is so low that nothing is being proven by your extra work.
  • Don’t under-audit by setting materiality too high – or forgetting to apply it throughout the job – so that you miss important details.
  • Document.
  • Document.
  • Document.

5 September 2023

For those who prepare and audit financial statements for “small” (under $2m expenditure) charities and other not-for-profits, there are some important changes coming up.

In New Zealand, these smaller entities are very common – there are about 30,000 of them including some soon to be included in this reporting under the Incorporated Societies Act 2022.

The Standards have a mandatory date of 1 April 2024, meaning they must be applied for accounting periods that begin on or after 1 April 2024. A Tier 3 or 4 entity may choose to apply the Standard before the mandatory date for accounting periods that end after the Standard takes effect on 15 June 2023. 

The Tier 3 standard – now called  “Tier 3 (NFP) Standard –  Reporting Requirements for Tier 3 Not-for-Profit Entities” – continues to be accrual-based. And Tier 4 – now called  “Tier 4 (NFP) Standard – Reporting Requirements for Tier 4 Not-for-Profit Entities” – is a cash-based alternative for smaller entities (under $140k expenditure).

This article focuses on the Tier 3 (NFP) standard, which tends to be much more commonly used than the cash-based standard even for many smaller entities – as it is much more like traditional reporting. We will look briefly at the Tier 4 changes at the end.

Service performance

When the standards were introduced there were no NZ reporting or auditing standards for Service Performance Information (SPI). Now we have PBE FRS 48 for Tier 1 and 2 entities, and NZ AS-1 (shortly to be NZ AS1 (Revised)) for the audit of Service Performance Information (SPI) across all the tiers.

In a way, the changes in Tier 3 are simply following the direction set by PBE FRS 48 and NZ AS-1. The terms Outcome and Output were always confusing, so these are being replaced with more descriptive terminology as per PBE FRS 48.

There is also some helpful guidance provided about what to report as SPI, and how to report it. Reporting must be (as per para A14):

  • Relevant and faithfully represented
  • Understandable
  • Timely and comparable
  • Verifiable

As such, any changes in reporting from the prior year must be explained, so there is consistency in reporting.

From an audit perspective, NZ AS-1 (Revised) is a great improvement on the previous more complex standard that now feels like a better fit for smaller entities.

Changes to standard revenue and expenditure categories

A common criticism of reporting under the existing Tier 3 standard was that the reporting categories were so broad as to be almost meaningless in some cases. The new standard splits some of the categories into smaller classifications. For instance,

  • Commercial activities are split out;
  • Grants for capital projects are split from other grants;
  • Government funding is split from non-governmental funding;
  • Donations are now clearly differentiated from membership fees and subscriptions;
  • Employee remuneration (apparently including those paid as contractors) is to be split out from volunteer and other employee expenses.

Preparers of performance reports will be able to tweak the names of the categories, but will not be allowed to add additional categories as before. (para A68) This is probably for aggregation and analysis purposes. This will make the Statement of Financial Performance more meaningful and reduce the need for extensive notes breaking down the categories.

Revenue recognition changes

The old standard was fairly inflexible in matching revenue from grants and other bequests and gifts with the use of that money. Donations with a use or return condition were recognised as the condition was fulfilled. Any income without such a condition was recognised in the period it was received.

Under the new standard, if there is a clear expectation of when funds are to be used in terms of an agreed expectation from the grantor, the revenue may be recognised as or when the conditions are satisfied. See the decision tree below which is from the standard:

This seems like a clear, common-sense response, more in line with the commonly accepted matching principle of accrual accounting.

Alternative measurement for assets

Under the old standard, if fixed assets are revalued, the Tier 2 standard must be used. The new standard allows revaluation based on say, RV (rateable value) for land and buildings, or valuation by an independent qualified valuer. (para A133) Depreciation must still be calculated on revalued assets. (para A134)

Changes are made straight to a separate property, plant and equipment revaluation reserve within accumulated funds in the Statement of Financial Position. The whole class of assets must be revalued. Once a revaluation is made there must be consistency going forward, with no changing back to other methods, and revaluation updates made on a regular schedule. (para A139)

Assets classed as investment properties may be accounted for in the same way. (para A144) Where an entity holds investments that are publicly traded, it may elect to measure that class of investment at its current market value. (para A145) It may elect to recognise gains/losses on revaluation of publicly traded investments either in revenue or expenses in the statement of financial performance, or in accumulated funds in a separate investment revaluation reserve. (para A148) 

Accumulated funds

In the old standard, there was no requirement to disclose any details of accumulated funds. The new standard says that to make information understandable to users, the balance of accumulated funds is to be aggregated and presented separately in categories, as applicable. These include any capital contributed by owners, accumulated surpluses or deficits, revaluation reserves (as above), restricted and discretionary reserves, and any other reserves. (para A175)  

For transparency, there is to be a note that discloses objectives and policies for managing accumulated funds and any plans for applying accumulated funds to meet the entity’s objectives. (para A231-A235)

This seems to be designed to make entities think about why they have significant reserves (if in fact, they do) and perhaps how they could be better using these to meet their objectives. If they view their reserves as investments, are they making the best use of their capital? Could they be meeting their objectives in more efficient ways with a redeployment of their equity?

On the other hand, many charities certainly don’t have excess cash or investments and their equity simply represents assets such as land and buildings that are essential to their service delivery. Having to make up a nice story to put into a note in these cases seems a bit pointless – and could be difficult to audit.

Simplification to the statement of cash flows

Cash flow statements are typically a headache for both preparers of financial statements and auditors. Accounting software often struggles and the results are hard to audit and hard for users to understand.

The new standard aligns the categories in the Statement of Cash Flows with the categories in the Statement of Financial Performance. The Statement of Cash Flows is to be essentially a statement of receipts and payments.

Tier 4 changes

There are a couple of changes for Tier 4 (NFP) reporting. These reflect the changes in categories for Tier 3, changing the language around outcomes and outputs, removing the need for a “Statement of Resources and Commitments” and replacing this with significant assets and significant liabilities listed in the notes. The name of “Statement of Receipts and Payments” is changed to “Statement of Cash Received and Cash Paid.”

Transition to the new standards

The changes currently being adopted to reporting for small charities (Tier 3 and 4) have been largely welcomed as positive and sensible. However, there will be some transitional issues that will present challenges to preparers and auditors, for the first year of adoption when the old standard was previously used.

Some of the key items to keep in mind are as follows:

  • Comparatives will need to be restated to line up with the new categories (unless it is impractical to do so). (para C14)
  • Revenue recognition changes will be treated as changes in accounting policy with an appropriate note. (para C15)
  • Adopting the revaluation provisions will need to be acknowledged as a change in accounting policy. (para C18)
  • An entity previously using a Tier 2 standard may continue to do so, or change to the new option, however, this will be a change of accounting policy. (para C21)

Note that there may still be the requirement to use Tier 2 standards where consolidated financial statements, investments in associates or joint ventures, or joint arrangements are involved. (para D1) It may also apply other specific standards to specific transactions. (para D2)

We have included checklists for the new standards, including transitional requirements, in our new Tier 3 and 4 (NFP) Review (2023) templates, our new Tier 3 and 4 (NFP) Audit (2023) templates, plus we have stand-alone checklists for preparers of financial statements to use.

4 September 2023

I have good news and bad news.

The good news is that the new standard for the audit of service performance (NZ AS1 (Revised)) is actually much simpler than the original standard released three years ago. The bad news is the shambles created by rushing through the original standard without proper consultation, deferring it twice, and then effectively cancelling it altogether.

Diligent auditors (and software/content developers) front-footed it and adopted NZ AS1 anyway, thinking we were doing a good thing – despite complaints from our customers about how complex it was – only for it to be deferred.

We had updated our templates and encouraged auditors that this was the way to go, knowing that it would apply sooner or later, and although the standard was a bit of an overkill for smaller entities, it seemed to fit well with its sister reporting standard for Tier 1 and 2 PBE’s – PBE FRS-48.

Those firms that muddled along using bits and pieces from ISAE (NZ) 3000 (Revised) and EG Au9 can now go straight to the new standard, without the pain of having to do that hard work. One up for procrastination!

Anyway, now that I’ve got that off my chest, what about the new standard? And why was it changed?

The XRB issued a statement in July 2023 explaining the rationale for the changes. One major issue was that the Office of the Auditor-General raised concerns regarding the suitability of NZ AS 1 for the public sector.

So the standard, while already released, was at the last minute deferred to allow time for the XRB to work with the OAG to address these concerns and consider the future application of NZ AS 1. This was after the original 12-month deferral due to COVID – which also reflected the deferral of PBE FRS-48.

PBR FRS 48 was released at a similar time to the original NZ AS1. The language was aligned – in that “service performance information” was used instead of the “outcomes” and “outputs” language of the old Tier 3 and 4 standards. I get the feeling that the original NZ AS1 was really made for large Tier 1 and 2 PBE entities without a lot of thought given to small charities.

The new standard changes the language from the complex audit-speak to friendly terms like “appropriate and meaningful.” (Para 25 describes what this means.) This is to be applied as follows:

• Are the elements/aspects of service performance that the entity has selected to report on appropriate and meaningful?
• Are the performance measures and/or descriptions the entity has used to report on what it has done in relation to those elements/aspects of service performance during the reporting period appropriate and meaningful?
• Is the measurement basis or evaluation method used to measure or evaluate the performance measure and/or description appropriate and meaningful? (para 7(a))

The questions above form the first step of the two-step process.

The second part is to assess whether the reported service performance information fairly reflects the actual service performance and is not materially misstated. (para 7(b))

To carry out this part, we need to apply our risk identification skills. The standard echoes the emphasis of ISA 315 (Revised 2019) focusing first on Inherent Risk (risk before consideration of any related controls), then Control Risk.

Then we basically just follow normal audit procedures, but include consideration of service performance information and controls when we look at things like entity and environment, regulatory framework, control systems, materiality, analytical review, and deciding how much reliance to place on controls testing, analytical review and substantive testing.

This will of course impact our documentation and the content of our engagement letters, representation letters, and audit reports, as they relate to responsibilities of governance and the auditor’s responsibilities. Our updated templates have taken all this into account.

The standard emphasises that we “…develop an audit plan with a single audit approach to concurrently cover the service performance information and the financial statements.” (para 20)

Part of the reason for this change is that since the original standard there have been a couple of other major standards released.

It seems that ISA 315 (Revised 2019) has mainly influenced the changes. Much of the language of (NZ AS1 (Revised)) is directly parallel to ISA 315 (Revised 2019) – which is a good thing.

The other influence is the new Tier 3 and 4 NFP Standards. Again they have taken out the “outcomes” and “outputs” language (which very few people actually followed or understood), and replaced it with the nice broad term “service performance information.”

When do we have to use the new NZ AS1 (Revised) standard?

NZ AS 1 (Revised) was approved for issue in July 2023. It is applicable for periods beginning on or after 1 January 2024. Note that it may be early-adopted for periods ending after 24 August 2023 – so essentially jobs ending from now. Auditors may use either the current NZ AS1 or ISAE (NZ) 3000 (Revised) until then. The following graphic is from the XRB:

To accommodate for the new standard we have (so far) reworked our latest Tier 3 and 4 (NFP) templates for both the change to the new Tier 3 and 4 (NFP) standards and also to NZ AS1 (Revised).

So, because it is not cost-effective to revise our current Tier 3 and 4 PBE templates from using NZ AS1 to NZ AS1 (Revised), then create a new set of templates for using the new Tier 3 and 4 (NFP) standards with NZ AS1 (Revised) we have added both updates into our Tier 3 (NFP) 2023 and Tier 4 (NFP) 2023 templates. Basically, if the client is using the new Tier 3 and 4 reporting, then use the new template, which will also give you NZ AS1 (Revised).

So we are suggesting that users step up to NZ AS1 (Revised) while also stepping up to the new Tier 3 and 4 (NFP) standards, by swapping to our 2023 NFP series templates (see flowchart below). Note that the new templates are marked NFP, while the existing ones are PBE. We did this to differentiate as they are all marked as 2023! We have not yet updated our Tier 1 and 2 templates for NZ AS1 (Revised). This will happen in the next month or two.

To treat this as a “…single audit approach to concurrently cover the service performance information and the financial statements…” we have integrated the service performance steps into existing pages – rather than treating them as separate pages as in the existing template. For instance Entity and Environment includes some questions related to Service Performance, as does materiality and internal control checklists. This should simplify the work considerably compared to our extant templates.

When do we get the new Tier 3 and 4 (NFP) templates?

The new Tier 3 and 4 NFP templates are up now (5 September 2023), but we are not flagging existing jobs to push to upgrade because there will still be jobs that use the old Tier 3 and 4 standards. So wait until the client adopts the new reporting standards, then update manually to the new template after rollover.

The Standards have a mandatory date of 1 April 2024, meaning the Standard must be applied for accounting periods that begin on or after 1 April 2024. However, these new standards may apply for accounting periods ending after 15 June 2023 – so any balance dates from 30 June this year may be using the new Tier 3 or 4 standards.  Hence the reason we have been pushing to update our Tier 3 and 4 audit and review templates.

We have reduced our current templates for the update to the new standards. Instead of two Tier 4 (one full ISA and one reduced for smaller entities that we call our ‘LCE’ versions), we now just have the compact version for the new NFP standard. For Tier 3, we will still have an LCE version for simpler entities and a full ISA version, but we have combined the ‘group’s’ content back into this one as well. So now there are two instead of three options.

To summarise:

30 May 2023

So we have a typical small not for profit: poor division of duties, no real controls apart from two signatories for payments, a review of financial results at irregular board meetings, and the annual Performance Report prepared by external accountants.

We know we are not relying on controls for our audit work, but that pesky ISA 315 tells us that we still have to document controls, such as they are. We must – according to paragraph 25 – obtain an understanding of the entity’s information system and communication relevant to the preparation of the financial statements, including:

  • how information flows through the entity’s information system, including how transactions are initiated, and how information about them is recorded, processed, corrected as necessary, incorporated in the general ledger and reported in the financial statements, and
  • how information about events and conditions, other than transactions, is captured, processed and disclosed in the financial statements;
  • understanding how the entity communicates significant matters that support the preparation of the financial statements and related reporting responsibilities in the information system and other components of the system of internal control so that we may
  • evaluate whether the entity’s information system and communication appropriately support the preparation of the entity’s financial statements.

How do we obtain this information? Para A136 tells us it is through various ways that may include:

  • enquiries of relevant personnel about the procedures used to initiate, record, process and report transactions or about the entity’s financial reporting process;
  • inspection of policy or process manuals or other documentation of the entity’s information system;
  • observation of the performance of the policies or procedures by the entity’s personnel; or
  • selecting transactions and tracing them through the applicable process in the information system (i.e., performing a walk-through).

Optional or required?

So does this mean that walk-through tests are one option among many? Yes and no. We are required to document the identified controls that are relevant to inherent risks that we have identified. Paragraph A125 states that we must “evaluate the design and determine whether the controls have been implemented.” Here is the catch. How can we assess whether the controls have been implemented unless we perform some sort of walk-through test?

The client may complete our internal controls checklist, send us their procedures manual, and tell us sweet stories, but as we all know, what they say they do or think they do may not be what they actually do. These procedures may have existed at some point in the past, but internal controls, like most systems, are subject to entropy over time.

Part of our work is therefore to look for changes. Paragraph A41 states that we are required to determine whether information obtained from our previous experience with the entity and from audit procedures performed in previous audits remains relevant and reliable. If circumstances have changed information from prior periods may no longer be relevant or reliable. The standard suggests that enquiries and other appropriate audit procedures, such as walk-throughs of relevant systems should be carried out.

What form can a walk-through take?

We document the system at a level appropriate to the entity, especially noting the controls. Then we check to see if the system as described is actually what they do. For instance, journals must always be given close attention. How are they initiated? Who can create journals? Who approves them? What reviews are carried out? What other means are there of making adjustments to the ledger – editing transactions say?

In this case, we would document the process, then follow one journal through from initiation to ledger, ensuring that all levels of approval and checking have in fact been followed and there is evidence of this.

This is different to a test of controls which would be spread across the period. The walk-through does not give us reliance that the controls are effective, just that we have documented them correctly. In a simple small entity, we could add this walk-through test as a narrative comment. In a more complex entity, it would make sense to create a diagram and then perhaps a spreadsheet following the transaction through the key steps and controls.

You may wish to carry out the walk-through as you have someone explaining the system and you are documenting it. For instance, you are visiting the client – a sports club say – and you ask them – show me the process for recording a bar sale? Using your phone camera you could record how a sale is initiated, how it is recorded and batched, banked, and reconciled back to the bank details in their software, and the checks and approvals required at each step. Then you could use the photos to build a visual record of how the revenue system works, with suitable narration and assessment, and attach that to your systems documentation page.

As part of going through the system with a staff member remember to be curious and ask things like: What if the bar staff are away? Who does this approval when the manager is on holiday? Do those security cameras actually work? Why is the till left open? What is done when a transaction includes more than one revenue type?


ISA 315 (revised 2019) focuses first on inherent risk. However, control risk is also important, especially when it relates to journals and IT systems. These must be documented at an appropriate level for the entity whether we intend to rely on the controls or not. And describing controls is not enough – we must have confidence that we are describing what actually happens. In my view, walk-through tests are the only real way to achieve this, and many audit files are lacking this important element.

17 May 2023

So, you are preparing financial statements for a Tier 3 charity – or auditing them – and the board have come up with the bright idea that they will use a revalued amount for land and buildings. The financial position will look better, so funders and members will feel that the entity is secure. What could possibly go wrong?

Quite a bit, actually. I’ve been asked to review a few of these lately and there are a number of potential pitfalls to explore. If you are auditing these kinds of statements, I hope this is a helpful guide to what to look out for.

Tier 3 – the basic rules of engagement

Table 3 of PBE SFR-A (NFP) (the Tier 3 reporting standard) states that Property, Plant and Equipment are to be recorded when purchased or donated, at cost if purchased or at current value if donated. Impairment is to be recognised if the market price of the asset falls below its carrying (book) value, or when the value of the asset to the entity is less than its carrying value if the asset is to be retained.

It is anticipated that depreciation will be charged to spread the cost of the asset – we’re talking buildings – over its useful life. Land is not to be depreciated.

There is a common misconception that buildings are not required to be depreciated – probably a carry-over from tax accounting. But Charities don’t fall under tax rules. PBE SFR-A (NFP) assumes depreciation will be charged on buildings.

Tier 3 – what to do with revaluations

PBE SFR-A (NFP) Paragraph A113 says that ‘an entity may elect to revalue a class of property, plant and equipment.’ It suggests that this will be the case where there is the likelihood of increases in value over the asset’s life – i.e. for land and buildings. If this is to be done, PBE SFR-A (NFP) tells us that we must apply the relevant requirements of PBE IPSAS 17 Property, Plant and Equipment.

What is PBE IPSAS 17? It is an international standard that applies, in New Zealand, to Tier 1 and 2 entities. So we’re playing with the big boys now. We going to have to read a ‘proper’ accounting standard. The only slight exception from the full PBE allowed under PBE SFR-A (NFP) is that the entity may use the current rateable or government valuation rather than ‘fair value’ as required by PBE IPSAS 17 when revaluing.

What are the implications? Firstly that disclosure must be made that PBE IPSAS 17 has been adopted for land and buildings. There should also be a change in accounting policy note when first adopted. Auditors should also note in their report that the Performance Report is prepared using PBE SFR-A (NFP) with PBE IPSAS 17 applied to the revaluation of land and buildings.

PBE IPSAS 17 – what’s required?

Paragraph 44 tells us that the carrying value of a revalued asset shall be its revalued amount, less any subsequent depreciation and impairment losses. Revaluations are to be made ‘with sufficient regularity to ensure that the carrying amount does not differ materially from that which would be determined using fair value at the reporting date.’

As we have said, many Tier 3 charities will use current rateable or government valuation. This is fine. If not the standard allows market-based appraisals to be used. In some cases depreciated replacement cost may be appropriate – say where there is a building on leasehold land. Some additional points to note:

  • If an item of property is revalued, the entire class of property to which that asset belongs shall be revalued. (para 51)
  • Land is one class, and Buildings are another class. (para 52)
  • This means that you can’t just value one bit of land or one building – you have to revalue all land holdings or all buildings at the same time. (para 53)
  • The increase from the revaluation must be recognised in ‘other comprehensive revenue and expense’ and accumulated in ‘net assets/equity’ under the heading of revaluation surplus. (para 54)

Remember that land is not to be depreciated, but buildings are – including depreciating the revaluation of buildings. So you will need to identify which part of the revaluation relates to land and which part to buildings.

The accounting treatment of the revaluation

A couple of problems arise here for Tier 3 entities. One is that they do not have an ‘other comprehensive revenue and expense’ category. The other relates to revaluation reserves.

PBE SFR-A (NFP) A143 states that there are two kinds of reserves; ‘Restricted reserves’ which may be used only for a particular purpose such as terms agreed with a donor, and ‘Discretionary reserves’ created by a transfer from accumulated funds to set aside resources for a particular purpose. Neither of these could pass as revaluation reserves.

There are two options. One is to bury the revaluation in accumulated funds. The second is to assume that if we are applying PBE IPSAS 17 it’s okay for us to break the letter of the Tier 3 law and make a revaluation reserve. I think this is the most sensible option, and the proposed changes to the Tier 3 standard obviously recognise the problem and assume the use of a revaluation reserve.

What about whether to record the revaluation through the Statement of Financial Performance or put it directly to Equity? Again I think that we are justified in adding to our Tier 3 rules by including an additional section in our Statement of Financial Performance – below the operating surplus or deficit – for the revaluation gain. Charities Services encourage this treatment. However, the updates to Tier 3 will allow the transfer of the surplus directly to reserves. So for now it is probably more correct to put through the Statement of Financial Performance – but ‘below the line.’

To revalue or not?

For entities who decide to use valuations for land and buildings, there will be some extra complexity and disclosure required. Extra notes will be needed, including details of the valuer, their qualifications, the date of valuation and the revaluation cycle. Depreciation will need to be calculated from the date of revaluation on the amount attributed to buildings. And auditors will need to assess all these things.

Note that there are proposed changes to the Tier 3 standard that do allow for revaluation to be done without having to move to PBE IPSAS 17. These are not far away.* See our commentary here. So if you are preparing financial statements for a Tier 3 entity you might want to consider waiting a while before revaluing, and just disclose the latest valuation by way of note.

*The new Tier 3 (NFP) Standard sets out the requirements that Tier 3 NFP entities are required to follow when preparing their annual performance reports. This Standard is required to be applied for accounting periods that begin on or after 1 April 2024. Earlier application is permitted for accounting periods that end after the Standard takes effect on 15 June 2023.

31 March 2023

In assisting a range of Audit firms with their Quality Control I get to see quite a few files for review, mostly Tier 3 charities. There are a number of common areas where improvements could be made. We explore some of these below:

Qualification for cash income

It is still common for audit reports for charities and clubs to qualify for cash income. However, with the reduction in the use of cash, this may not be given. In many jobs, I see this unquestioningly adopted, without an attempt to quantify just how much of the income of donations say is actually represented by cash so subject to that risk. The audit report then may lead a reader to the conclusion that the potential understatement is much larger than it actually is.

When considering the risk of understatement of cash income and subsequent qualification, I suggest that work be documented to quantify the total amount represented by cash and the potential understatement. this may not be material, in which case a qualification will not be necessary. It may be material and subject to qualification, but the audit report should identify the particular items where there may be an understatement instead of just a blanket statement. Also, rather than a qualified opinion, an “emphasis of matter” paragraph may be appropriate, as is more common in Australia.

There is also the opportunity to assist the client with advice on how to implement controls or update their current internal controls so that the qualification may not be required in the future.

Inconsistency between engagement letters, work done and audit reports

It is vital that what we have agreed we will do in the engagement letter is what we actually do, and our audit reports actually reflect this. Does the testing regime for service performance correspond with the testing we have done? Have we properly identified the reporting regime used by the entity and used the correct template that reflects that regime? This will be a big issue as clients update to the new Tier 3 and 4 reporting standards.

If there is inconsistency and the job is subsequently subject to a dispute, this will be an immediate black mark against the quality of your work.

Risks at the Financial Statement and Assertion level confused

I see many cases where assertion level risks are identified as financial statement level. All risks will potentially affect the financial statements, but most only relate to a few balances, disclosures or assertions. These are described therefore as risks at the assertion level. Risks at the financial statement level are risks that are pervasive to the whole of the financial statements and potentially affect many assertions (see ISA 315 (Revised 2019), para 4).

So risks at the financial statement level are ‘top level’ risks, which will likely have related risks at the assertion level, so they will be rarer than assertion level risks. An example of a financial statement level risk is given in ISA 315 (Revised 2019), A195: An entity faces operating losses and liquidity issues and is reliant on funding that has not yet been secured. In such a circumstance, the auditor may determine that the going concern basis of accounting gives rise to a risk of material misstatement at the financial statement level.

Lack of walk-through testing

When controls are not to be tested there is a common assumption that walk-through tests are not required. However, even if not testing or relying on controls we are required to document the identified controls that are relevant to inherent risks that we have identified. And we must somehow confirm that we have documented the controls correctly, implying some sort of walk-through test. This need not be in as much detail as a complex system requires, but we should add some level of documentation.

We have a full article discussing this in detail. And we have updated our latest templates to remove the ‘walkthrough tests not required’ option.

Enquiries directed at a limited range of people

Some questionnaires are designed to be answered by someone from management, and some from governance. The fraud questionnaires are a good example. However, in small entities, I commonly see all enquiries directed to one person.

While this reflects something of the reality of small entities, it is an important control that governance is aware of and oversees what is happening at a managerial level. Gaining perspective from different people – as well as being requirements of the standards – helps build a wider ‘3D’ view of the entity.

Verbal enquiries neglecting to identify the entity contact

Sometimes instead of having an entity contact complete a checklist or answer a question online, it is more convenient to interview them and record their responses.

In these cases, it is essential to record the name of the person and the date of the interview.

Budget testing as an analytical review tool

It is common to have a client respond to the questionnaire that they do indeed prepare budgets. However, it is uncommon to see these budget figures used in an Analytical Review test. Many times I see the Analytical Review option for budgets marked “no Budget.”

Comparing budgets to actual results can be a powerful analytical and risk identification tool in SME audits, where budgets define the expectation of governance. Even if budgets are not prepared for all the figures reflected in the TB, the budget column for key figures can be manually completed on the TB page, to flow through to the analysis pages.

Lack of follow-up on issues identified in the planning phase

Often I see key items or risks that are mentioned at the staff planning meeting, in information gathered from the client, or when discussing rebuttable presumptions around fraud, understatement of income, or risks associated with journals, that are not flagged and addressed specifically later in the file.

In the current iteration of Audit Assistant, the risk flag tool should be used in these cases, as all comments may be flagged as risks. This will ensure that the issue is not dropped, but is appropriately brought to the foreground in the audit work. There is also the “Key Issue” option which may be used to flag important items intended for partner attention.

Lack of identification of risks

Risk identification is a bit of a moving target as we all adapt to ISA 315 (revised 2019), however, even under the old standard there was a requirement to identify risks of material misstatement and form the focus of our testing primarily around the most significant risks. I see many good examples of risk assessment, but also many where material items in the financial statements are not assessed as risk, presumably because the auditor has looked at the item and assessed it as low risk – but not documented that decision.

In Tier 3 entities, where there are a limited number of categories in the Statement of Performance and Statement of Financial Position, I would expect to see each category subtotalled in the TB, and a risk assessment for each subtotal, unless it is clearly immaterial or has no prospect of being material.

Lack of identification of significant risks

Many audit files have all their identified risks assessed as very much the same risk profile. I recently heard a reviewer describe a good audit file as one that resembled the Andes rather than rolling green hills.

In other words, we are trying to find which risks are significant to the entity and highlight those rather than just saying all risks are on the same level. Even in a very low-risk job, there will be some inherent risks that the entity faces that will stand out as the main threats to the entity – and these are where we need to focus our work. This will produce not only better audit work but also more efficient work because we are putting our resources into the right areas. If we view “Significant” as a relative term rather than absolute, we will start to identify risks that are significant in the context of the job. This is especially important in complying with ISA 315 (revised 2019).

Note that anything that will result in a modification to the audit report should be identified as significant. Many firms use the “Key Issues” flag to help clearly identify these risks – which is a great idea.

Fixed asset valuation methods

When a Tier 3 entity opts to revalue their land and buildings – as many do – leaving behind the safe harbour of the Tier 3 standards and ventures into the deep waters of PBE IPSAS 17 there are many potential snares, as I discovered recently.

Don’t assume that the CA who prepared the financial statements got it right, and read the standard well. I would assume that any revaluation of this sort is a significant risk as it will likely be highly material. Also, remember to check the disclosures in the Performance Report – that they reference the standard – and include a mention of the use of PBE IPSAS 17 in the preparation of the financial statements in your audit report just to be safe. Finally, be aware that the new Tier 3 standard allows changes in the treatment of revaluations, so be aware of what is changing.

Do you agree? Any comments or suggestions? Contact me here.

9 March 2023

Audit Assistant has been making online collaboration tools for auditors for many years, so we thought why not use this incredible functionality to help accountants who prepare financial statements as well?

If you carry out the preparation of financial statements for audit, or review, or just want to have a great paperless compilation process to streamline your business advisory services practice, we have the tool for you.

The annual compilation file meets the need for a central digital repository for annual compilation work. It includes financial reporting checklists for:

  • Tier 1 and 2 Public Benefit Entities
  • Tier 1 and 2 For-Profit Entities
  • Tier 3 Public Benefit Entities
  • Special Purpose (SPFR for FPE) Companies

The output is a PDF that can then be sent directly to your auditor or reviewer, which contains most of what they will need for their work. Alternatively, you can give them direct access to the file so they can pull the data they need for their audit or review file.

Other great features include:

  • Checklists to gather data from your clients via the internet
  • Checklists for confirming compliance with SES-2 and Code of Ethics requirements
  • Standard engagement letters and completion letters including suggestions generated during the work
  • A requests feature whereby client queries are responded to directly into the file
  • Trial balance upload from Xero and other common software that populates ‘lead schedules’ for sections (income, expenditure, bank, debtors etc.)
  • PDFs or spreadsheets can then be added to the correct part of the file supporting the different items in the financial statements
  • External links may be added to say the business website, online repository or client online software
  • Journals may be created from the system that updates the trial balance and form source documents for posting to the client ledger
  • Key Documents such as minutes, constitutions, contracts etc may be uploaded and brought forward each year for reference
  • At completion, the job is rolled over, and ready for the next year, with much of the work just needing to be brought forward and updated for the new year
  • Rollover produces a PDF of the whole job plus attachments for archiving

More than 40% of NZ audit firms use our auditing software, so it makes sense to use our proven and familiar tools to prepare data for your auditor, saving time and hassle.

The Accountants Tool package is designed primarily for CA firms preparing multiple jobs but is also suitable for entities that prepare their performance reports and financial statements in-house. We provide special discount pricing packages in these cases.

Contact us to find out more or for a free demonstration.

21 February 2023

Is this project that we have all eagerly anticipated actually going to happen? It appears so. I recently attended an IFAC webinar (recording is here) that explained the latest developments.

I wrote about this back in 2021 when the draft standard was released. It seems that there has been a bit more clarity as to the application of the standard.

Originally groups were to be excluded from the scope of the standard, however, common sense has now prevailed and groups that meet LCE criteria may now be included. Using component auditors will be acceptable, as components don’t necessarily equate to complexity. An additional section has been added to the original exposure draft discussing the application to components and groups.

The webinar participants reiterated that the standard does not give a lesser level of assurance than a full ISA audit, and audit reports will be essentially unchanged. The standard focuses on core procedures and does not include much explanatory information. It is designed to follow the flow of an audit. It also uses more direct language than the ISAs.

Concerns had been expressed that there seemed to be too much judgment required in whether the standard could be applied. To clarify the scope, the IAASB has agreed to enhance the description of the qualitative characteristics of an LCE and will include an expectation for jurisdictions to determine quantitative thresholds, I assume in terms of say turnover, assets, staffing, or ownership complexity.

Since the LCE standard was proposed, we have had the new ISA 315 (revised 2019). This focus on risk identification and assessment has also flowed through to the LCE standard, with some revision of Part 6 to make it align more with the approach of ISA 315 (revised 2019).

Finally, when can we expect to enter this audit utopia? The finalisation date for the international standard is December 2023. It is then just a matter of how proactive the XRB and other key NZ stakeholders will be in adding any quantitative thresholds and releasing it into the wilds of Aotearoa.

This is going to be a game changer for auditors in NZ, as most of the work we do should fall into the scope of the LCE standard, and most charities and not-for-profits will have fit-for-purpose standards and not have to use auditing standards designed for multinational corporates. Auditors will be partying in the streets when this new standard is released.

7 December 2022

We’ve talked about risk assessment, professional scepticism, responding to identified risks, and the business model in terms of ISA 315 (revised 2019). But the bulk of the actual requirements of the standard (paragraphs 19-27) relate to, as the heading puts it: ‘Obtaining an Understanding of the Entity and Its Environment, the Applicable Financial Reporting Framework and the Entity’s System of Internal Control’. This is the topic of this article.

The new approach to understanding the entity and environment – especially its controls – is fairly significant. The easiest way to express this is to compare the requirements of the old ISA 315 with the revised 2019 version.

Entity and Environment

Paragraphs 19-20 address Understanding the Entity and Its Environment, and the Applicable Financial Reporting Framework.

Paragraph 19(a)(i) specifies that we obtain an understanding of the entity’s organisational structure, ownership and governance, and its business model, including the extent to which the business model integrates the use of IT. Understanding the organisational structure, ownership and governance were previously required under ISA 315, 11(b)(ii). The requirement to understand the business model, and the extent to which this integrates the use of IT is new. We have discussed this at length in a previous article.

Paragraph 19(a)(ii) specifies that we obtain an understanding of industry, regulatory and external factors. This was required in the old standard under paragraph 11(a). The supporting information in paragraphs A68-A73 is worth a read to refresh yourself as to the scope of what is required here. Good general knowledge of the economy, the current issues with the specific industry and the inputs and outputs of the entity are likely to be extremely helpful, and points to be discussed and documented in the team meeting.

Paragraph 19(a)(ii) specifies that we obtain an understanding of the measures used, internally and externally, to assess the entity’s financial performance. This replaces the old paragraph 11(e) requirement to obtain an understanding of the measurement and review of the entity’s financial performance. The difference is specifying internally and externally. The supporting information in paragraph A74 explains that this helps us to consider whether such measures, whether used externally or internally, may create pressure on the entity to achieve performance targets, motivating management to take actions that increase the susceptibility to misstatement due to management bias or fraud. Again, something to discuss in the team meeting. Paragraphs A74-A77 are well worth reading.

Paragraph 19(b) states that we obtain an understanding of the applicable financial reporting framework, and the entity’s accounting policies and the reasons for any changes thereto. This was covered previously in paragraph 11(c). There are three parts to consider: the applicability of the framework, how this fits with the actual policies, whether there have been any changes, and if so, whether are these justified.

Paragraph 19(c) states that we must obtain an understanding of how inherent risk factors affect the susceptibility of assertions to misstatement and the degree to which they do so, in the preparation of the financial statements in accordance with the applicable financial reporting framework, based on the understanding obtained in (a) and (b). This is new. If follows the emphasis in the revised ISA 315 on inherent risks. In paragraphs A87-A89 the emphasis is on susceptibility to misstatement relating to complexity or subjectivity. The greater the complexity or subjectivity, the greater the risk, and the more professional scepticism is required.

Finally, paragraph 20 requires us to evaluate whether the entity’s accounting policies are appropriate and consistent with the applicable financial reporting framework. This was also covered in the old 11(c) paragraph.

It is also interesting to note what has been dropped out. The old ISA 315 11(b) specified that we understand the operations of the entity, the types of investments that the entity is making and plans to make including investments in special-purpose entities, and how the entity is financed. These are all now covered in Appendix 1, which includes these and many more examples of matters to consider when understanding the entity.


The new standard splits the analysis of controls into:

  • the control environment (paragraph 21),
  • the risk assessment process (paragraphs 22-23),
  • the entity’s process to monitor the system of internal control (paragraph 24),
  • the information system and communication (paragraph 25) and
  • control activities (paragraph 26).

These components were previously covered in general terms in paragraphs 12-23 of the old standard, but the new standard is more specific and detailed and will require more work to provide the detail required. Each element must be separately assessed, even though there will be significant common ground. Note too that this work is required whether or not there is any reliance to be placed on controls. This is a risk assessment exercise.

For instance, we must now identify what controls, processes and structures address how management’s oversight responsibilities are carried out, such as the entity’s culture and management’s commitment to integrity and ethical values. (Paragraph 21(a)(i))

This seems a bit over the top for a smaller entity. This is where the scalability provisions can help. Paragraph A16 says: The nature and extent of risk assessment procedures will vary based on the nature and circumstances of the entity (e.g., the formality of the entity’s policies and procedures, and processes and systems). The auditor uses professional judgement to determine the nature and extent of the risk assessment procedures to be performed to meet the requirements of this ISA (NZ).

Paragraph A17 further states: Although the extent to which an entity’s policies and procedures, and processes and systems are formalized may vary, the auditor is still required to obtain the understanding in accordance with paragraphs 19,21,22, 24, 25 and 26.

It continues with an example: Some entities, including less complex entities, and particularly owner-managed entities, may not have established structured processes and systems (e.g., a risk assessment process or a process to monitor the system of internal control) or may have established processes or systems with limited documentation or a lack of consistency in how they are undertaken. When such systems and processes lack formality, the auditor may still be able to perform risk assessment procedures through observation and enquiry.

So we still need to ask the questions, but in the light of the small scale of the entity, on enquiry, the answer might be ‘no formal system, however, ethics are emphasised by example and in staff and board meetings.’

For smaller and less complex entities. meeting all the specific requirements of this part of ISA 315 (revised 2019) may seem tedious, but until we get a standard for LCEs it is, unfortunately, unavoidable.

<< previous article

21 October 2022

Ever wish you could take your current complex review and documentation processes and put them into one bespoke, secure, elegant online solution without spending hundreds of thousands of dollars? Now you can.

Or go next level and become a provider of that content, reselling it to other firms in your industry? This is what ReviewTools from Audit Assistant offers.  

Audit Assistant has been the online tool of choice for the majority of New Zealand SME financial auditors for over ten years. We have now taken this experience and applied it to building ReviewTools  – a secure platform for complex process and assurance work for a wider range of applications.

ReviewTools offers a flexible and powerful base with numerous built-in features that can be flexibly configured for all sorts of diverse, complex review applications.

ReviewTools is an ideal platform for small team collaboration in real-time in complex risk-based and standards-driven processes – perfect for industries and professions where documentation is critical, and evidence gathering and client interaction must be tracked within the application.

ReviewTools includes:

  • Integrated signup, customer management, billing and reports.
  • Built-in two-factor authentication,
  • Encrypted file storage,
  • A professionally hosted and maintained database,
  • Backup and restore service,
  • Risk assessment processes,
  • Customisable team roles,
  • Real-time team interaction,
  • Multi-level review processes,
  • Sampling and analytics tools,
  • Integrated letter and report creation,
  • Uploadable file attachment,
  • Annual rollover if required,
  • Client query tool
  • Invitation for client access to individual pages for data gathering,
  • Hyperlinks to online standards,
  • Dynamic job creation,
  • Export of completed work to PDF,
  • Full dashboard for work tracking and milestones,
  • Ability to customise structure and content as required,
  • Help from our staff with building your application as required,
  • Access from multiple devices.

Let us help take your current workflows and build them into a tight, secure, integrated package – or develop a professional-grade cloud-based product with basic skills using the ReviewTools platform. Leverage your product on our reputation of delivering professional cloud services for over ten years.

Our team can also provide:

  • Help with marketing via our existing networks,
  • Additional custom features if required,
  • Legendary personal support to get you up and running.

What could cost hundreds of thousands of dollars to build from scratch will soon be available to you on a PaaS (Platform as a Service) basis for a monthly subscription.

Contact us to talk about your idea, and how ReviewTools can get your application up and running fast.