9 March 2023

Audit Assistant has been making online collaboration tools for auditors for many years, so we thought why not use this incredible functionality to help accountants who prepare financial statements as well?

If you carry out the preparation of financial statements for audit, or review, or just want to have a great paperless compilation process to streamline your business advisory services practice, we have the tool for you.

The annual compilation file meets the need for a central digital repository for annual compilation work. It includes financial reporting checklists for:

  • Tier 1 and 2 Public Benefit Entities
  • Tier 1 and 2 For-Profit Entities
  • Tier 3 Public Benefit Entities
  • Special Purpose (SPFR for FPE) Companies

The output is a PDF that can then be sent directly to your auditor or reviewer, which contains most of what they will need for their work. Alternatively, you can give them direct access to the file so they can pull the data they need for their audit or review file.

Other great features include:

  • Checklists to gather data from your clients via the internet
  • Checklists for confirming compliance with SES-2 and Code of Ethics requirements
  • Standard engagement letters and completion letters including suggestions generated during the work
  • A requests feature whereby client queries are responded to directly into the file
  • Trial balance upload from Xero and other common software that populates ‘lead schedules’ for sections (income, expenditure, bank, debtors etc.)
  • PDFs or spreadsheets can then be added to the correct part of the file supporting the different items in the financial statements
  • External links may be added to say the business website, online repository or client online software
  • Journals may be created from the system that updates the trial balance and form source documents for posting to the client ledger
  • Key Documents such as minutes, constitutions, contracts etc may be uploaded and brought forward each year for reference
  • At completion, the job is rolled over, and ready for the next year, with much of the work just needing to be brought forward and updated for the new year
  • Rollover produces a PDF of the whole job plus attachments for archiving

More than 40% of NZ audit firms use our auditing software, so it makes sense to use our proven and familiar tools to prepare data for your auditor, saving time and hassle.

The Accountants Tool package is designed primarily for CA firms preparing multiple jobs but is also suitable for entities that prepare their performance reports and financial statements in-house. We provide special discount pricing packages in these cases.

Contact us to find out more or for a free demonstration.

21 February 2023

Is this project that we have all eagerly anticipated actually going to happen? It appears so. I recently attended an IFAC webinar (recording is here) that explained the latest developments.

I wrote about this back in 2021 when the draft standard was released. It seems that there has been a bit more clarity as to the application of the standard.

Originally groups were to be excluded from the scope of the standard, however, common sense has now prevailed and groups that meet LCE criteria may now be included. Using component auditors will be acceptable, as components don’t necessarily equate to complexity. An additional section has been added to the original exposure draft discussing the application to components and groups.

The webinar participants reiterated that the standard does not give a lesser level of assurance than a full ISA audit, and audit reports will be essentially unchanged. The standard focuses on core procedures and does not include much explanatory information. It is designed to follow the flow of an audit. It also uses more direct language than the ISAs.

Concerns had been expressed that there seemed to be too much judgment required in whether the standard could be applied. To clarify the scope, the IAASB has agreed to enhance the description of the qualitative characteristics of an LCE and will include an expectation for jurisdictions to determine quantitative thresholds, I assume in terms of say turnover, assets, staffing, or ownership complexity.

Since the LCE standard was proposed, we have had the new ISA 315 (revised 2019). This focus on risk identification and assessment has also flowed through to the LCE standard, with some revision of Part 6 to make it align more with the approach of ISA 315 (revised 2019).

Finally, when can we expect to enter this audit utopia? The finalisation date for the international standard is December 2023. It is then just a matter of how proactive the XRB and other key NZ stakeholders will be in adding any quantitative thresholds and releasing it into the wilds of Aotearoa.

This is going to be a game changer for auditors in NZ, as most of the work we do should fall into the scope of the LCE standard, and most charities and not-for-profits will have fit-for-purpose standards and not have to use auditing standards designed for multinational corporates. Auditors will be partying in the streets when this new standard is released.

7 December 2022

We’ve talked about risk assessment, professional scepticism, responding to identified risks, and the business model in terms of ISA 315 (revised 2019). But the bulk of the actual requirements of the standard (paragraphs 19-27) relate to, as the heading puts it: ‘Obtaining an Understanding of the Entity and Its Environment, the Applicable Financial Reporting Framework and the Entity’s System of Internal Control’. This is the topic of this article.

The new approach to understanding the entity and environment – especially its controls – is fairly significant. The easiest way to express this is to compare the requirements of the old ISA 315 with the revised 2019 version.

Entity and Environment

Paragraphs 19-20 address Understanding the Entity and Its Environment, and the Applicable Financial Reporting Framework.

Paragraph 19(a)(i) specifies that we obtain an understanding of the entity’s organisational structure, ownership and governance, and its business model, including the extent to which the business model integrates the use of IT. Understanding the organisational structure, ownership and governance were previously required under ISA 315, 11(b)(ii). The requirement to understand the business model, and the extent to which this integrates the use of IT is new. We have discussed this at length in a previous article.

Paragraph 19(a)(ii) specifies that we obtain an understanding of industry, regulatory and external factors. This was required in the old standard under paragraph 11(a). The supporting information in paragraphs A68-A73 is worth a read to refresh yourself as to the scope of what is required here. Good general knowledge of the economy, the current issues with the specific industry and the inputs and outputs of the entity are likely to be extremely helpful, and points to be discussed and documented in the team meeting.

Paragraph 19(a)(ii) specifies that we obtain an understanding of the measures used, internally and externally, to assess the entity’s financial performance. This replaces the old paragraph 11(e) requirement to obtain an understanding of the measurement and review of the entity’s financial performance. The difference is specifying internally and externally. The supporting information in paragraph A74 explains that this helps us to consider whether such measures, whether used externally or internally, may create pressure on the entity to achieve performance targets, motivating management to take actions that increase the susceptibility to misstatement due to management bias or fraud. Again, something to discuss in the team meeting. Paragraphs A74-A77 are well worth reading.

Paragraph 19(b) states that we obtain an understanding of the applicable financial reporting framework, and the entity’s accounting policies and the reasons for any changes thereto. This was covered previously in paragraph 11(c). There are three parts to consider: the applicability of the framework, how this fits with the actual policies, whether there have been any changes, and if so, whether are these justified.

Paragraph 19(c) states that we must obtain an understanding of how inherent risk factors affect the susceptibility of assertions to misstatement and the degree to which they do so, in the preparation of the financial statements in accordance with the applicable financial reporting framework, based on the understanding obtained in (a) and (b). This is new. If follows the emphasis in the revised ISA 315 on inherent risks. In paragraphs A87-A89 the emphasis is on susceptibility to misstatement relating to complexity or subjectivity. The greater the complexity or subjectivity, the greater the risk, and the more professional scepticism is required.

Finally, paragraph 20 requires us to evaluate whether the entity’s accounting policies are appropriate and consistent with the applicable financial reporting framework. This was also covered in the old 11(c) paragraph.

It is also interesting to note what has been dropped out. The old ISA 315 11(b) specified that we understand the operations of the entity, the types of investments that the entity is making and plans to make including investments in special-purpose entities, and how the entity is financed. These are all now covered in Appendix 1, which includes these and many more examples of matters to consider when understanding the entity.


The new standard splits the analysis of controls into:

  • the control environment (paragraph 21),
  • the risk assessment process (paragraphs 22-23),
  • the entity’s process to monitor the system of internal control (paragraph 24),
  • the information system and communication (paragraph 25) and
  • control activities (paragraph 26).

These components were previously covered in general terms in paragraphs 12-23 of the old standard, but the new standard is more specific and detailed and will require more work to provide the detail required. Each element must be separately assessed, even though there will be significant common ground. Note too that this work is required whether or not there is any reliance to be placed on controls. This is a risk assessment exercise.

For instance, we must now identify what controls, processes and structures address how management’s oversight responsibilities are carried out, such as the entity’s culture and management’s commitment to integrity and ethical values. (Paragraph 21(a)(i))

This seems a bit over the top for a smaller entity. This is where the scalability provisions can help. Paragraph A16 says: The nature and extent of risk assessment procedures will vary based on the nature and circumstances of the entity (e.g., the formality of the entity’s policies and procedures, and processes and systems). The auditor uses professional judgement to determine the nature and extent of the risk assessment procedures to be performed to meet the requirements of this ISA (NZ).

Paragraph A17 further states: Although the extent to which an entity’s policies and procedures, and processes and systems are formalized may vary, the auditor is still required to obtain the understanding in accordance with paragraphs 19,21,22, 24, 25 and 26.

It continues with an example: Some entities, including less complex entities, and particularly owner-managed entities, may not have established structured processes and systems (e.g., a risk assessment process or a process to monitor the system of internal control) or may have established processes or systems with limited documentation or a lack of consistency in how they are undertaken. When such systems and processes lack formality, the auditor may still be able to perform risk assessment procedures through observation and enquiry.

So we still need to ask the questions, but in the light of the small scale of the entity, on enquiry, the answer might be ‘no formal system, however, ethics are emphasised by example and in staff and board meetings.’

For smaller and less complex entities. meeting all the specific requirements of this part of ISA 315 (revised 2019) may seem tedious, but until we get a standard for LCEs it is, unfortunately, unavoidable.

<< previous article

21 October 2022

Ever wish you could take your current complex review and documentation processes and put them into one bespoke, secure, elegant online solution without spending hundreds of thousands of dollars? Now you can.

Or go next level and become a provider of that content, reselling it to other firms in your industry? This is what ReviewTools from Audit Assistant offers.  

Audit Assistant has been the online tool of choice for the majority of New Zealand SME financial auditors for over ten years. We have now taken this experience and applied it to building ReviewTools  – a secure platform for complex process and assurance work for a wider range of applications.

ReviewTools offers a flexible and powerful base with numerous built-in features that can be flexibly configured for all sorts of diverse, complex review applications.

ReviewTools is an ideal platform for small team collaboration in real-time in complex risk-based and standards-driven processes – perfect for industries and professions where documentation is critical, and evidence gathering and client interaction must be tracked within the application.

ReviewTools includes:

  • Integrated signup, customer management, billing and reports.
  • Built-in two-factor authentication,
  • Encrypted file storage,
  • A professionally hosted and maintained database,
  • Backup and restore service,
  • Risk assessment processes,
  • Customisable team roles,
  • Real-time team interaction,
  • Multi-level review processes,
  • Sampling and analytics tools,
  • Integrated letter and report creation,
  • Uploadable file attachment,
  • Annual rollover if required,
  • Client query tool
  • Invitation for client access to individual pages for data gathering,
  • Hyperlinks to online standards,
  • Dynamic job creation,
  • Export of completed work to PDF,
  • Full dashboard for work tracking and milestones,
  • Ability to customise structure and content as required,
  • Help from our staff with building your application as required,
  • Access from multiple devices.

Let us help take your current workflows and build them into a tight, secure, integrated package – or develop a professional-grade cloud-based product with basic skills using the ReviewTools platform. Leverage your product on our reputation of delivering professional cloud services for over ten years.

Our team can also provide:

  • Help with marketing via our existing networks,
  • Additional custom features if required,
  • Legendary personal support to get you up and running.

What could cost hundreds of thousands of dollars to build from scratch will soon be available to you on a PaaS (Platform as a Service) basis for a monthly subscription.

Contact us to talk about your idea, and how ReviewTools can get your application up and running fast.

28 September 2022

For those who prepare and audit financial statements for “small” (under $2m expenditure) charities and other not-for-profits, there are some important changes coming up. We have made a summary with some commentary about how we think this will impact the sector.

In New Zealand, these smaller entities are very common – there are about 30,000 of them including some soon to be included in this reporting under the Incorporated Societies Act 2022.

The Tier 3 standard continues to be accrual-based, and Tier 4 is a cash-based alternative for smaller entities (under $140k expenditure). This article focuses on Tier 3, which tends to be used much more than the cash-based standard even for many smaller entities as it is much more like traditional reporting. We will look briefly at the Tier 4 proposals at the end.

Service performance

When the standard was introduced there were no NZ reporting or auditing standards for Service Performance Information (SPI). Now we have PBE FRS 48 for Tier 1 and 2 entities, and NZ AS-1 for the audit of Service Performance Information across all the tiers.

In a way, the proposed changes in Tier 3 are simply following the direction set by PBE FRS 48 and NZ AS-1. The terms Outcome and Output were always confusing, so these are being replaced with more descriptive terminology as per PBE FRS 48. Entity Information is no longer a prescribed report, although the information is still expected to be included somewhere.

There is also some helpful guidance provided about what to report as SPI, and how to report it. Reporting must be:

  • Relevant and faithfully represented
  • Understandable
  • Timely and comparable
  • Verifiable

As such, any changes in reporting from the prior year must be explained, so there is consistency in reporting.

In our opinion, these changes are welcome and it makes sense to align SPI reporting with the other standards, as it should be more efficient for preparers and auditors, and more understandable to users.

From an audit perspective, NZ AS-1 is a complex standard that feels like overkill for auditors of smaller entities. Perhaps when the NZ version of the LCE auditing standard is released there may be something size-appropriate for auditing SPI.

Changes to standard revenue and expenditure categories

A common criticism of reporting under the existing Tier 3 standard is that the reporting categories are so broad as to be almost meaningless in some cases. The proposed changes split some of the categories into smaller classifications. For instance,

  • Commercial activities are split out;
  • Grants for capital projects are split from other grants;
  • Government funding is split from non-governmental funding;
  • Donations are now clearly differentiated from membership fees and subscriptions;
  • Employee remuneration (apparently including those paid as contractors) is to be split out from volunteer and other employee expenses.

Preparers of performance reports will be able to tweak the names of the categories, but will not be allowed to add additional categories as before. This is probably for aggregation and analysis purposes.

We think these changes generally make sense. They should make the statement of financial performance more meaningful and reduce the need for extensive notes breaking down the categories.

Revenue recognition changes

The existing standard is fairly inflexible in matching revenue from grants and other bequests and gifts with the use of that money. Donations with a use or return condition are recognised as the condition is fulfilled. Any income without such a condition is currently recognised in the period it was received.

Under the new proposals, if there is a clear expectation of when funds are to be used in terms of an agreed expectation from the grantor, the revenue may be recognised as or when the conditions are satisfied.

This seems like a clear, common-sense response, more in line with the commonly accepted matching principle of accrual accounting.

Alternative measurement for assets

Under the current standard, if fixed assets are revalued, the Tier 2 standard must be used. The proposal is to allow revaluation based on say, RV (rateable value) for land and buildings, or valuation by an independent qualified valuer. Changes are to be made straight to a revaluation reserve. The whole class of assets must be revalued. Once a revaluation is made there must be consistency going forward, with no changing back to other methods, and revaluation updates made on a regular schedule. Depreciation must still be calculated on revalued assets.

The rules are to be applied to assets that do not require significant judgement or complex estimates. Investment property may also be included as their own category under fixed assets and revalued in the same way. It is proposed that financial assets (shares etc.) be measured at their current value, with changes in value put through the statement of financial performance.

This all seems sensible and familiar to us, and simple enough for preparers and auditors.

Including a note on accumulated funds

At present, there are no requirements to disclose any details of accumulated funds. The proposal is that for transparency there be a note that discloses objectives and policies for managing accumulated funds, and any plans for applying accumulated funds to meet the entity objectives. The proposal is for this to be a high-level informational view and not a binding commitment.

We can see some advantages to this disclosure. First, it will make entities think about why they have significant reserves (if in fact, they do) and perhaps how they could be better using these to meet their objectives. If they view their reserves as investments, are they making the best use of their capital? Could they be meeting their objectives in more efficient ways with a redeployment of their equity?

On the other hand, many charities certainly don’t have excess cash or investments and their equity simply represents assets such as land and buildings that are essential to their service delivery. Having to make up a nice story to put into a note in these cases seems like a pointless exercise. This could also be difficult to audit.

Simplification to the statement of cash flows

Cash flow statements are typically a headache for both preparers of financial statements and auditors. Accounting software often struggles and the results are hard to audit and hard for users to understand.

The proposal is that the categories in the statement of cash flows match the categories in the statement of financial performance. It seems to be that the statement of cash flows is to be essentially a statement of receipts and payments.

We think this is a brilliant idea. It will be easier to prepare (just based on the cash report in Xero say), easier to audit, and probably more useful to users.

Change of name

The new standard is to be called Reporting Requirements for Tier 3 Not-For-Profit Entities. This is a welcome improvement from the old tongue twister.

Tier 4 proposed changes

There are a couple of changes proposed for Tier 4. These reflect the changes in categories proposed for Tier 3, some simplified requirements for really small entities (under $10k expenditure), changing the language around outcomes and outputs, removing the need for a statement of resources and commitment and replacing this with a note, and changing the name of Statement of Receipts and Payments to Statement of Cash Received and Cash Paid.

In general, these changes seem fairly trivial. The only comment I have is that the name change to Statement of Cash Received and Cash Paid could actually be confusing. Most non-accountants think of cash as the paper money we get out of ATMs, as opposed to direct payments and EFTPOS. A backwards and unnecessary step in my opinion. Perhaps Statement of Money Received and Money Paid would be clearer?

Overall marks

It seems as if the drafters of the proposed changes to the Tier 3 and 4 standards have taken time to test the wind well. They have listened to users, preparers and auditors alike and come up with a sensible result. Of course, there will always be details to iron out in the execution, and the submissions (ending 30 September) may encourage further changes. Overall we rate the proposals at a solid 9/10.

See the XRB page for links to the consultation documents and drafts.

26 August 2022

Kaizen, also known as continuous improvement, is a long-term approach to work that systematically seeks to achieve small, incremental changes in processes in order to improve efficiency and quality.

Kaizen can be applied to any kind of work, but it is perhaps best known for being used in lean manufacturing and lean programming. If a work environment practices kaizen, continuous improvement is the responsibility of every worker, not just a selected few.

Kaizen can be roughly translated from Japanese to mean ‘good change.‘ The philosophy behind kaizen is often credited to Dr W. Edwards Deming. Dr Deming was invited by Japanese industrial leaders and engineers to help rebuild Japan after World War II. He was honoured for his contributions by Emperor Hirohito and the Japanese Union of Scientists and Engineers.

One version of the ten basic Kaizen principles is as follows (my comments are added in italics):

  1. Throw out all your old fixed ideas on how to do things. Start with a clean slate every day, don’t get stuck in your old assumptions.
  2. No blame – treat others as you want to be treated. Encourage and affirm others in the team including yourself.
  3. Think positive – don’t say can’t. Lean into grace – there is always a way forward.
  4. Don’t wait for perfection – 50% improvement now is fine. Don’t get stuck waiting for perfection, keep moving forward and over time results will come. A few mistakes show that you are taking risks and that’s okay.
  5. Correct mistakes as soon as they are found. Be willing to admit mistakes and fix them in a timely way. It keeps your clients happy, encourages feedback and makes a better product.
  6. Don’t substitute money for thinking – Creativity before Capital. When you have the money you may not be more creative. Limits are great for new ideas.
  7. Keep asking “why?” until you get to the root cause. Don’t settle for overly simplistic solutions, or you will be treating the fruit instead of the root.
  8. Better the wisdom of 5 people than the expertise of 1. Group wisdom will see through the simplistic answers – you can’t beat the wisdom of experience.
  9. Base decisions on data not opinions. Make sure you have real evidence not just hearsay or guesses – check out your hunches and feelings against reality.
  10. Improvement is not made from a conference room! Be out there among the people – staff and clients asking them where improvement can be made. Test theory in the real world.

Dr Deming was one of the key originators of these principles, and reading his original ideas is refreshing and somewhat surprising in their timelessness, bluntness and practicality – and also in their wide application to almost any kind of business enterprise. 

In his book Out of the Crisis, Dr Deming shared his philosophy of continuous improvement (again my comments are added in italics):

  1. Create constancy of purpose toward improvement of product and service, with the aim to become competitive and to stay in business and to provide jobs. Have a clear philosophy – not just about money but about sustainability and job creation.
  2. Adopt the new philosophy. We are in a new economic age. Western management must awaken to the challenge, must learn their responsibilities, and take on leadership for change. Just do it – keep revisiting.
  3. Eliminate the need for inspection on a mass basis by building quality into the product in the first place. Do it the right first time as much as possible.
  4. End the practice of awarding business on the basis of price tag. Instead, minimise total cost. Move towards a single supplier for any one item, on a long-term relationship of loyalty and trust. Use local firms where possible, and use organisations and people that fit well – the overall result will be lower cost.
  5. Improve constantly and forever the system of production and service to improve quality and productivity and thus constantly decrease costs. Be constantly aware of how processes and systems may be improved and write these things down.
  6. Institute training on the job. Give time to this – don’t rely on external training, learning on the job will give greater satisfaction to staff as their skills increase. Don’t expect them to ‘just know’.
  7. Institute leadership. The aim of supervision should be to help people and machines and gadgets to do a better job. Be present and give and receive feedback on a regular basis.
  8. Drive out fear so that everyone may work effectively for the company. Be approachable, admit fault, be fair and empower others – it will win respect.
  9. Break down barriers between departments. People in research, design, sales and production must work as a team to foresee problems of production and use of the product or service. Communicate with co-workers, and treat everyone as of equal value. It will encourage work satisfaction, and team cohesion and so honesty and creativity will increase.
  10. Eliminate slogans, exhortations, and targets for the work force asking for zero defects and new levels of productivity. Such exhortations only create adversarial relationships, as the bulk of the causes of low quality and low productivity belong to the system and thus lie beyond the power of the work force.
    • Eliminate work standards (quotas) on the factory floor. Substitute with leadership.
    • Eliminate management by objective. Eliminate management by numbers and numerical goals. Instead substitute with leadership.
    • Encourage one another and accept mistakes as normal to learning and developing new, good things.
  11. Remove barriers that rob the hourly worker of his right to pride of workmanship. The responsibility of supervisors must be changed from sheer numbers to quality. Quality comes from focus and teamwork, not just pumping out work.
  12. Remove barriers that rob people in management and in engineering of their right to pride of workmanship. This means, inter alia, abolishment of the annual or merit rating and of management by objectives. Let people enjoy coming up with their own solutions, and taking responsibility for projects themselves.
  13. Institute a vigorous program of education and self-improvement. Encourage everyone to take time to ‘sharpen their saw.’
  14. Put everybody in the company to work to accomplish the transformation. The transformation is everybody’s job. Involve everyone, as much as possible in the wide view – talk about sales and marketing with engineering people, and help salespeople understand the technical challenges.

I like to review these steps periodically. Adding my own twist on the basic principles helps me stick with my “why” – the values that define my personal business philosophy.

When we start losing our “why” we start feeling uncomfortable in our work. Reviewing this helps us see where we are perhaps getting pulled off the track and what we have been neglecting. I can see a couple right now I need to work on. A great reality check!

24 August 2022

The concept of understanding an entity’s business model, including how it uses Information Technology (IT) is new in ISA 315 (Revised 2019).

Understanding the business model sounds like child’s play, but in the context of exploring inherent risks, it presents a powerful tool to understand the entity.

Paragraph 19(a)(i) tells us that:

The auditor shall perform risk assessment procedures to obtain an understanding of… The entity’s organisational structure, ownership and governance, and its business model, including the extent to which the business model integrates the use of IT.

Paragraph A61 explains why this is necessary.

Understanding the entity’s objectives, strategy and business model helps the auditor to understand the entity at a strategic level, and to understand the business risks the entity takes and faces. An understanding of the business risks that have an effect on the financial statements assists the auditor in identifying risks of material misstatement, since most business risks will eventually have financial consequences and, therefore, an effect on the financial statements.

Organisational structure, ownership and governance are generally simple enough to understand and document, but ‘business model’ is a more nebulous term. Looking at every business risk could be a rabbit hole that swallows a lot of audit time.

However, business risk itself is not a new concept. The old standard defined it as:

A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.

What actually is a business model?

Wikipedia defines a business model as follows:

In theory and practice, the term business model is used for a broad range of informal and formal descriptions to represent core aspects of an organization or business, including purpose, business process, target customers, offerings, strategies, infrastructure, organizational structures, sourcing, trading practices, and operational processes and policies including culture.

So our client may have adopted one of the following business models:

  • Bricks and mortar retail model
  • Value-added reseller model
  • Franchise model
  • Subscription model
  • Online sales retail model
  • B2B model – etc.

These are useful to identify and document in our file, but that is still very broad. Paragraph A62 tells us that ‘Not all aspects of the business model are relevant to the auditor’s understanding.’ We need only concern ourselves with those that give rise to the risk of material misstatement.

The standard itself, in Appendix 1(1), says:

The entity’s business model describes how the entity creates, preserves and captures financial or broader value, for its stakeholders.

This is all-encompassing but lacking in specifics. Appendix 1(3) tells us that a description of a business model typically includes:

  • The scope of the entity’s activities, and why it does them.
  • The entity’s structure and scale of its operations.
  • The markets or geographical or demographic spheres, and parts of the value chain, in which it operates, how it engages with those markets or spheres (main products, customer segments and distribution methods), and the basis on which it competes.
  • The entity’s business or operating processes (e.g., investment, financing and operating processes) employed in performing its activities, focusing on those parts of the business processes that are important in creating, preserving or capturing value.
  • The resources (e.g., financial, human, intellectual, environmental and technological) and other inputs and relationships (e.g., customers, competitors, suppliers and employees) that are necessary or important to its success.
  • How the entity’s business model integrates the use of IT in its interactions with customers, suppliers, lenders and other stakeholders through IT interfaces and other technologies.

These are all helpful points to consider and document in our audit work and to flag and analyse the inherent and control risk that we identify.

A 2014 paper by the UK and French standard setters discussing the role of the business model in financial statements state that the first time the term ‘business model’ appeared in the IFRS literature was in 2009 when IFRS 9 (Financial Instruments) was issued. In defining the term business model for use in reporting standards they say:

…there is overall agreement, as evidenced by the responses received, that if the term business model is used in financial reporting, it focuses on the value creation process of an entity, i.e. how the entity generates cash flows.

So moving in from the broad description, we need to start to identify how the entity generates cash flows. In a 2014 paper on Business Models in Integrated Reporting, IFAC state that:

An organization’s business model is its system of transforming inputs, through its business activities, into outputs and outcomes that aim to fulfil the organization’s strategic purposes and create value over the short, medium and long term.

Application to audit work

Cash flows are generated and value is added by a cycle of inputs and outputs. From a risk identification auditing perspective, this is a helpful paradigm, especially in our current climate. Continuing inputs of raw materials, labour, land and capital are no longer a given with complex regulation, supply chain issues, labour shortages, restrictions on land use, and the spectre of inflation.

Similarly, the ability to continue to assume a market based on these disruptions is not as certain as it was a few years ago. We live in uncertain times.

Paragraph A63 acknowledges this by giving the following examples of possible risks:

  • Inappropriate objectives or strategies, ineffective execution of strategies, or change or complexity.
  • A failure to recognise the need for change may also give rise to business risk, for example, from:
    • The development of new products or services that may fail;
    • A market which, even if successfully developed, is inadequate to support a product or service; or
    • Flaws in a product or service that may result in legal liability and reputational risk.
  • Incentives and pressures on management, which may result in intentional or unintentional management bias, and therefore affect the reasonableness of significant assumptions and the expectations of management or those charged with governance.

All these potential risks are exacerbated in uncertain times. Paragraph A64 lists specific matters we should consider:

  • Industry developments, such as the lack of personnel or expertise to deal with the changes in the industry;
  • New products and services that may lead to increased product liability;
  • Expansion of the entity’s business, and demand has not been accurately estimated;
  • New accounting requirements where there has been incomplete or improper implementation;
  • Regulatory requirements resulting in increased legal exposure;
  • Current and prospective financing requirements, such as loss of financing due to the entity’s inability to meet requirements;
  • Use of IT, such as the implementation of a new IT system that will affect both operations and financial reporting; or
  • The effects of implementing a strategy, particularly any effects that will lead to new accounting requirements.

Paragraph A65 points out that ‘Ordinarily, management identifies business risks and develops approaches to address them.’ so our risk assessment process should include assessing this as part of reviewing the internal controls, as under the old standard.

Appendix A(4) concludes:

A business risk may have an immediate consequence for the risk of material misstatement for classes of transactions, account balances, and disclosures at the assertion level or the financial statement level.

So to sum up, understand the business, think outside the square in terms of how inputs and outputs work, and what the associated risks might be. Then stay focussed on those things that actually represent a risk of material misstatement.

<< previous article next article >>

5 August 2022

Remember CAATs? This was an acronym for Computer Assisted Audit Tools – a general category for all things computery that helped us work with more efficiency and power.

Now that virtually all we do uses a computer, ISA 315 (Revised 2019) does not refer to CAATs but to Automated Tools and Techniques (ATTs).

This kind of thing gets audit software developers like us salivating like Fluffy when the fridge door opens. But let’s stay calm and examine what the standard says first.

So what do we know about ATTs?

The standard doesn’t define ATTs, however the recently issued IAASB First Time Implementation Guide simply calls them “procedures performed leveraging the use of technology”. These may be used for risk assessment procedures, and also for obtaining audit evidence. The IAASB points out that:

The procedures for obtaining audit evidence as set out in ISA 500, Audit Evidence, i.e., inspection, observation, external confirmation, recalculation, reperformance, analytical procedures and inquiry, continue to apply, regardless of whether those procedures are performed manually or using technology.

In matters like this, the new standard helpfully acknowledges that we may be auditing vastly divergent entities. Paragraph 9, titled ‘Scalability’, states:

This ISA (NZ) is intended for audits of all entities, regardless of size or complexity and the application material therefore incorporates specific considerations specific to both less and more complex entities, where appropriate.

It is up to the auditor’s judgement to determine whether to use an ATT or some more manual procedure. For instance, there would be no point in carrying out fancy data analytics for fixed assets additions where there are only a few items. Better to just use judgement. ATTs come into their own where there is so much data, or a level of opaqueness, such that the auditor cannot possibly just ‘eyeball’ the content.

Examples from the standard

Looking at some of the suggestions for the use of ATTs in the explanatory material, paragraph A21 suggests performing “risk assessment procedures on large volumes of data (from the general ledger, sub-ledgers or other operational data) including for analysis, recalculations, reperformance or reconciliations.”

Most of our users tend to do this by entering the trial balance data for up to four years, and then populating analytical review pages that show current to prior year movements, deviations from the budget if required and various key ratios over time. Identified risks may then be flagged and analysed as required directly from the TB or AR pages. Detailed recalculations, reperformance or reconciliations tend to be best done using a spreadsheet and adding to the file as an attachment.

Paragraph A57 suggests that the auditor use ATTs “to understand flows of transactions and processing as part of the auditor’s procedures to understand the information system.” This may provide insight into vendors, customers, and related parties, simply by sorting say a purchases ledger in a spreadsheet by supplier name, or using a search function to look for known related parties.

Paragraph A137 suggests using direct access to the entity’s database “by tracing journal entries, or other digital records related to a particular transaction, or an entire population of transactions, from initiation in the accounting records through to recording in the general ledger.” Typically an auditor is given access to say the Xero ledger and may use the built-in search functions there to drill down into the data for this purpose.

Paragraph A161 suggests that when reviewing journals or ledger accounts in less complex entities inspection of all the entries within a particular account, or all journals may well be possible. But in a more complex entity downloading to a spreadsheet and applying filters and sorting may give a good result.

In Audit Assistant, we provide a built-in sampling tool. A large dataset is extracted out of the client software and then uploaded. A sampling interval based on performance materiality (or adjusted performance materiality) is added. This generates a randomised CMA sample. Appropriate tests are then added to a generated table of results. Alternatively, a random sample of a specified number of samples may be generated, or the auditor may carry out their own sample in the spreadsheet first and then upload it for testing.

The auditor is encouraged to use automated techniques to assist in the identification of significant classes of transactions, account balances and disclosures in paragraph A203. This would typically only be helpful in complex entities. In less complex entities these become fairly obvious by reviewing trail balance and analytical review data as described above.

CAATs are our friends

So CAATS and ATTs are really not some big scary monsters that need to intimidate us. They are our servants – power tools that we pull out when a normal auditing screwdriver or hammer is too slow or not forceful enough. They become dangerous when the auditor uses them ‘just because they can’ without understanding what they are trying to achieve and why.

There is no substitute for learning to do the basics well and always working from first principles, and choosing a tool that we understand and can explain that will achieve our objectives most efficiently.

<<previous article next article>>

26 July 2022

There’s a new Act in town. And some people aren’t happy, claiming that this could be an ‘extinction event’ for many small clubs. The 1908 Act was predictably relaxed, out of step with modern regulation and reporting, so an update was needed.

So what does the new Incorporated Societies Act entail for these entities, and for those who prepare and audit the financial statements? Is the fear justified?

Changes for entities

No Incorporated Societies can just carry on as normal. All will need to update their constitutions and re-register. Companies Office guidance suggests the final date to transition will be April 2026. They also provide a handy Constitution Building tool.

Regulations are currently being developed to support the new Act. These should be completed by September 2023 so that entities can start to transition.

What we do know from the Act, however, is that under section 74 a society must have at least 10 members to register. This is a decrease from the 15 members required under the old Act. Under section 45 of the new Act, a society must have a committee, but this only needs to comprise 3 or more qualified officers. This committee is the ”governing body of the society” – the responsible parties.

There is concern that the extra responsibility being laid upon mostly voluntary committee members may make the slots hard to fill. The obligations are much closer to a company director than the casual committee member of the past. Under section 51 an officer remains specifically liable for acts and omissions and decisions made while they were an officer even after they have resigned.

The Act takes into account that many small entities may not want to re-register, so it provides an amalgamation process to enable groups of small, similar entities to amalgamate under one umbrella. Whether this will be used much, we shall see.

How to report?

Charities Services report that “there are about 24,000 incorporated societies in New Zealand, and about 7,000 of those are registered as charities.” These 7,000, like all charities, will be reporting under the Public Benefit Entity (PBE) reporting regime, which is now well established.

For the other 17,000, reporting will depend mainly on size. At present these entities may be using special purpose reporting or generally accepted accounting practices (GAAP). Section 102 provides three categories:

  • specified not-for-profit entity
  • small society
  • other

An entity is defined as a specified not-for-profit entity in the Financial Reporting Act 2013 S46  if, in each of the 2 preceding accounting periods of the entity, the total operating payments of the entity are $140,000 or more. These are required to prepare financial statements that comply with GAAP. Our Tier 1 and 2 standards plus our Tier 3 PBE standard are GAAP. Tier 4 and Special Purpose are not GAAP.

A small society has total operating payments and total current assets of less than $50,000 in each of the 2 preceding accounting periods. It also may not be a donee organisation under section LD 3(2) of the Income Tax Act 2007. These include charitable entities entitled to issue tax-deductible receipts for donations received. Many small clubs would fall into the small category. These may choose to prepare either GAAP-compliant financial statements or a non-GAAP standard or the minimum requirements as set out in section 104 of the 2022 Act. The minimum requirements statements must contain the following information:

(i) the income and expenditure, or receipts and payments, of the society during the accounting period; and

(ii) the assets and liabilities of the society at the close of the accounting period; and

(iii) all mortgages, charges, and other security interests of any description affecting any of the property of the society at the close of the accounting period

Associations that don’t fit into either category – the “others” – will generally be those with expenditure over $50,000 and under $140,000 in the previous two periods. They may choose whether to apply GAAP or non-GAAP.

What about the requirement for audit?

Of course, any Incorporated Society may opt to be audited, but some must be audited under the Act.

These are classed as “large” (as defined by S45 of the Financial Reporting Act 2013) if as at the balance date of each of the 2 preceding accounting periods, the total assets of the entity and its subsidiaries (if any) exceed $66 million or in each of the 2 preceding accounting periods, the total revenue of the entity and its subsidiaries (if any) exceeds $33 million.

The end of Society?

So will this be an ‘extinction’ event for societies or provide momentum for a new burst of energy? Both outcomes are likely, depending on the state of the society. It will certainly drain the limited resources of struggling clubs to have to lift their game to a new level.

In this age of declining volunteerism and reliance on sponsorship, the change may lead to fewer societies, but adaptations will be made for more efficient operations and more professional style management in those who survive.

25 July 2022

Does your firm administer any family trusts? Then you will no doubt be aware of the increased requirements under the Trusts Act 2019 for ensuring all the data about the Trust is up to date.

To help achieve this, we have, in collaboration with a large local Accountancy firm, developed a simple questionnaire to be shared annually with the trustee contact, that asks all the relevant questions to make sure that the accountant’s records are correct.

There are four actions required:

STEP 1: Set up the Trust using the Annual Trust Review Questionnaire template. Add the name of the trust, appointment date and save (the questionnaire itself is undated – the important date is when it is signed off).


STEP 2: Add the current trustees and beneficiaries as contacts. These can be imported using a special .CSV template that we have attached to the A1 page, from data obtained from your records (or the details may be added one at a time if there are only a few).


Note that the Role column should specify whether the person or entity is a Trustee, Beneficiary or both  – note format for both uses the vertical line or “pipe” character (|).


The contacts will then be added to the file so that they will appear on the questionnaire.


STEP 3: Then share the questionnaire page with the relevant contact. Select the name from the dropdown and click add – this will generate a link to be emailed to the client. Alternatively use the tick-box “Automatically send link to user” to generate an email directly off the system.


They receive an email from your firms asking them to follow the link and complete the details. Following the link they are asked to confirm their identity:


Then they see the existing trustee and beneficiary contact details and are asked if any changes have been made.


If so a dialogue box asks them to type in the new details. There are also questions for all the other information that needs to be asked under the Act. Once complete the accountant is notified.


STEP 4: The accountant then updates the records held by their firm, and takes any further actions required. 

Once complete the jobs may be saved to PDF then deleted off the system, or rolled over and reused in the subsequent year.

Note: We can assist with bulk client creation, contact data import, and even bulk sharing if required, as we do for normal client annual data collection questionnaires

This content is accessible in our Tools for Accountants packages, along with financial reporting checklists and other compilation tools. Contact us for more details.