Author: webadmin

31 March 2020

This is our theme for 2020. We want to proactively assist our users to become more equipped, skilled, efficient and profitable. Here are some ideas:

Have us assess your practice

We often find that firms that are struggling with their documentation and staying current benefit hugely by having us look through the kind of work they do, having a conversation around problems and challenges and having us make some recommendations about what they could be doing (which may include some or all of the following). This discussion often takes place informally in the context of training, however we are happy to do this at a basic level as a free service on request.

Think outside your location

In the current audit environment, where many smaller part-time audit firms are opting out of audit,  there is a great need for other firms to take up the slack, especially in the more remote regions. By embracing paperless, cloud-based technology like Audit Assistant there is no real disadvantage auditing small entities remotely. Have you thought about following your networks and your specialisations to regions where there are few or no auditors?

Use all our online connection tools

Sharing pages to gather data, complete checklists and otherwise interact with clients is a non-brainer when it comes to efficiencies, yet many firms still don’t use these to their fullest. New features introduced over the last 12 months like to ability to customise pages prior to sharing, hiding sections, getting prompts when clients complete their work have made this even better. Plus we are working on some clever new interaction tools.

Upload your testing data and trial balance

Much efficiency is gained by creating a testing sample in Excel then uploading this to our substantive testing pages, yet this is not used nearly as much as it could be. Once the data is loaded tests are run against the sample, scans may be attached and errors notes – all within the software. Similarly trial balance data is now easier to upload and manipulate. Xero Trial Balances are now a one-click upload. 

Embrace paperless – attach and link

Having everything is in the digital file means it is all secure, backed up, and assessable from anywhere. Apps like Microsoft Office Lens make scanning from your device while on fieldwork far easier. These can then be uploaded back at the office. Remember that in most cases attachments may be added by simply dragging and dropping onto the appropriate work item. Remember too that links to external sites and repositories may be added using the attachments tool.

Review concurrently and use our review tools

A huge advantage of cloud-based real-time audit software is the ability to review jobs in smaller, more timely chunks. A reviewer can jump into a job when they have a spare ten minutes, add review notes if required on pages in progress and head off any potential rabbit trails that staff may be on. No need to wait until the file arrives just hours before sign-off is required, and finding that there are plot-holes in the story. If a firm is not using the review tools they are missing out on huge efficiencies.

Use the right templates

We have now introduced a prompt to tell users if there is a better/newer version of a job type that they could/should be using. In some cases this is critical where a standard has been updated. We don’t force these changes as in some cases there may be a good reason to stay on an older version (say doing a job that relates to an earlier period) but this is rare. In general if there is a new version flagged this should be adopted as a matter of course – especially after roll-over. Most of your data will be retained (that which relates to the old job type will be dropped) and you will be assured you are using current content. In the worst case you can always roll back the job using duplicate/restore.

Become an accredited user firm and list on our website

We have provided a service for some time of listing firms who wish to do so on our website (soon to be upgraded) and this free service will continue, however we are also introducing a firm accreditation system, whereby if a firm has been with us more than six months, and we have carried out training and/or file reviews, we will list them on our website as accredited users, and allow them to use our Audit Assistant branding to enhance their reputation with their clients or potential clients. 

Use us to assist with your quality control

We offer a file review service whereby firms submit names of jobs for us to review and provide a written report including recommendations on how to use Audit Assistant better. This can be part of a practice assessment, lead to training in identified areas, and/or form part of your formal quality control process. Our report also contains feedback on how the file holds together and how it has addressed the auditing standards and best practice. This service is charged on an hourly basis.

Book a training session

There’s nothing like taking time to sharpen your tools. This is what training does – gives firms a chance to pause, take breath and look at alternative ways to do better work. Bad habits can be left behind and better ways learned. We carry out training in-house if required, combined by area for new users and smaller firms, and also from time to time carry out workshops around issues of special interest. There is a fee charged for training sessions. 

Let us help with data migration or fee purchase

Sometimes firms hesitate adding all their work onto Audit Assistant because the time required for set up with many jobs can be unappealing. We can help with data migration and job setup – either just creating a bulk lot of clients with contact details, or by adding trial balance data. This is a custom service that depends on the specific need so contact us to discuss. We can also transfer jobs from another user in the case of sale and purchase of a block of fees. We can also connect firms either selling or wanting to buy a block of fees.

Tell us what you need from us

We’re here to help! Any requests, ideas, or suggestion are appreciated. If you can see an opportunity for us to develop some new content that may have wider commercial value please get in touch. Or if you want a new feature or service just ask. If we have enough requests we will find a way.

Note that most of these ideas can also apply to your compilation work as well. 

Please contact us to discuss further these ways we can partner with you to enhance your business and lifestyle

To help our users prepare for their next review – to get the proverbial ducks in a row – I requested the CAANZ NZ auditor oversight team to provide a list of the main issues encountered in their review work with audit firms. 

They were kind enough to send me notes from a recent presentation which included these very topics (for all audit firms – not just our users).So here are the main points, along with my commentary and suggestions about how to best use Audit Assistant to address these common problem areas:

1.  Audit / review report not compliant with standards

Our standard audit reports are designed for all types of jobs, and different permutations and outcomes, however they are not foolproof. Common mistakes include:

• Using an out of date audit template which includes an out-of-date audit report: With help from Bill Heritage we updated all our reports in 2016 when the reporting standards changed. If users are using an old template our system now prompts for an update with a red flag-box at the top of the page. Updating is easy and users are then assured of the correct audit report.
• Incomplete or incorrect reports: Using the correct report still may not produce a complete report if the wrong boxes have been ticked, or not ticked at all earlier in the job. Read the produced report carefully to make sure it makes sense and all essential parts are included. Use the Customise/Edit button to open up the detail on the page to see if something is missing or wrong and follow the hyper-links back to correct.
• When the standard reports don’t fit: Occasionally there will be some odd situation that we haven’t covered. In these cases use the Customise/Edit button to open and create the custom changes needed. Or use Copy to Clipboard and carry out a final edit in Word.
• Using your own out-of-date reports: To check if your reports are up to date we suggest checking your reports against ours, and use our checklists to find out where your reports are lacking.

And please if you do find an error or omission in our reports – or have a suggestion for improvements – let us know.

2. Not identifying that the financial statements do not comply with the reporting framework

At the beginning of each audit template we ask which reporting framework is being adopted and whether this is appropriate. There is also a testing tool included to make sure the framework actually fits the job. We also provide financial reporting checklists that allow the auditor check the disclosure and presentation in detail for compliance with the chosen framework. If an issue of non-compliance is found we suggest users:

• Note the problem and flag the issue – either as a risk, an adjustment, a management letter point, for follow up, or a key issue for partner attention or combination of the above depending on the kind of non-compliance.
• This will ensure that the point is not overlooked, and an adequate response is made, either by the client rectifying the issue or the appropriate note included and modification added to the audit report.

3.  Independence threats (self-review / long association)

Practice review seems to be requesting firms to have peer reviews carried out for jobs where there is a long association. The risk is that familiarity can bring a certain blindness that another auditor may easily spot. This is a particular issue for smaller firms where internal review or rotation of staff and partners is not possible. We suggest:

• Find another local firm of similar size and style and create reciprocal review agreement.
• We have acted as “matchmaker” in one case so far. We are happy to offer this as a free service to our users.
• Use our review service – this also serves as a training exercise in the use of Audit Assistant. While we are not “qualified auditors”, we find that so far our review has fulfilled quality control requirements.
  

4. Lack of clarity about opinion modifications (e.g. which revenue streams are affected)

When a modification is made to an audit report, there is a prompt to make a paragraph describing the basis of the modification.

• We do not provide any standard wording for this as every situation is likely to be unique so it is up to the auditor to provide a sufficiently precise statement.
• In these cases it may be a good idea to involve a peer reviewer (as above) to ensure that this essential wording is clear.

5. Going concern requirements not met (audit report and financial statements)

Again this is an issue of using the correct audit report, and considering the requirements of the standards.

• Auditors are required to ask whether a preliminary assessment of the entity’s ability to continue as a going concern has been carried out by the client, evaluate that assessment, and if not to discuss with client and record the discussion and evaluate (ISA(NZ)570,10).
• The financial reporting checklists will assist in checking the disclosure requirements of the relevant reporting standards.

6. Staff members completing Audit Assistant with little apparent understanding / No evidence that the engagement partner has taken responsibility for the direction, supervision and performance of the audit

These were two separate items in the notes, but they seem to relate closely. Within Audit Assistant:

• The partner is required to sign off the A1 control page which concludes the whole job. This implies that they have taken responsibility for approval and supervision of the work.
• There are a number of other pages that the partner should either be concluding or reviewing, such as the risk assessment page, the audit summary page, and the quality control page.
• We provide full training for users, so if this is you please contact us and book a training session.
• Download the latest user handbook.

7. Insufficient (or non-existent) audit documentation

Obviously not talking about Audit Assistant users 🙂

8. Has not demonstrated professional scepticism

The notes point out that there may be no single way in which the auditor’s professional scepticism is documented. It is more an attitude of having a questioning mind, being alert to anything that may indicate misstatement due to error or fraud and critically assessing audit evidence. Nevertheless the audit documentation should provide evidence of the auditor’s exercise of professional scepticism in accordance with the ISAs (NZ), addressing questions such as:

• Has the auditor responded appropriately in circumstances when inconsistent or contradictory audit evidence was obtained?
• Does the documentation indicate alertness to anything that may indicate misstatement due to error or fraud?
• Has the auditor sought evidence to challenge rather than just corroborate management’s assertions?
• If information is inconsistent with the auditor’s final conclusion regarding a significant matter, have they documented how the inconsistency was addressed?

9. Inappropriate sample sizes

As part of the audit documentation, there must be a logical connection made between sample size for test of details with factors such as:

• Assessment of risk.
• Use of other substantive procedures directed at the same assertion.
• Ability to stratify the population.

Thought must be applied to reducing sampling risk to an acceptable level, and the logic of the decision must be documented.

The notes point out that two types of conclusion can result if this connection is not made:

• That a material misstatement does not exist when in fact it does.
• That a material misstatement does exist when in fact it does not.

Within Audit Assistant we prompt for these kinds of discussions as part of our planning and tests of details areas.

We hope this tips give some direction as to where you might consider some internal training or updates to procedures. Please contact us if you have any questions or comments about any of these issues or would like any assistance.

Following on from our previous article regarding the Audit of Less Complex Entities (LCEs), we spoke to a number of our user firms and, along with 78 others stakeholders globally, responded to the IAASB request for submissions.

The LCE discussion has tended to focus on smaller for-profit entities that make a direct economic contribution, but in New Zealand the LCE field is dominated by not-for-profits. We estimate that NFP/LCE jobs done using Audit Assistant outnumber LCE for-profit jobs by about 4:1.

From user feedback, the mismatch of International Auditing Standards (ISAs) with the audit requirements of the humble but exceedingly numerous garden-variety NZ not-for-profit (charities, clubs, associations etc) seems to be the major issue. 

At a social level it is critical that small charities, clubs and other not-for-profits remain viable and accountable, as these entities create a disproportionate amount of social cohesion which flows down into all sorts of positive social (and therefore ultimately also economic) outcomes. If the herbs that nurture society are neglected we not only lose our flavour but our health. So the social cost of inappropriate audit standards may well be an overlooked factor in this discussion.

Obtaining an audit is a significant but necessary overhead if an entity is seeking funding. Funders won’t include the cost of audit in grants and the funding is not guaranteed just because the audit is done. So this is a great burden. 

There are an estimated 110,000 of these types of entities in NZ – most of which would be LCEs. If we assume that a half of these are subject to or want an audit we have about 55,000 LCE NFP audits. If the real cost of audits has increased by say $1500/entity under the ISAs, that is a cost of $82m p.a. to an already struggling sector. 

Industrial grade standards

Internationally applicable standards focussing mainly on large for-profit entities were developed in the context of globalism and the GFC.  Although these international issues had little direct effect or relevance to LCEs in general, the result was highly technical standards lacking clear help or relevance for smaller non-profits and a crippling audit fee increase without any real quality gain. We have taken an industrial approach to standards.

This may be necessary for industrial-scale entities, but there is no room for the combine harvester in the back-yard herb garden.

No wonder then that in New Zealand many smaller and provincial accounting firms that carried out perfectly adequate audit work at a scale appropriate to LCEs have dropped out because they do not have the time, staff or resources to carry out ISA-compliant audits.

In turn the entities they previously audited have either had to pay much higher fees to large city firms, stop being audited voluntarily (if under the threshold for compulsory audit) or potentially close because they are already financially pressed and dependant on overstressed volunteers. So the garden withers.

What can be done?

As part of my research and reflection I reviewed the pre-ISA New Zealand Auditing Standards and Guidelines (March 1996). These were an attempt to set some basic markers and guidance for audit work in New Zealand based on best auditing practice applied to our context. In my opinion they actually read very well in many respects, explaining concisely the key issues of risk-based auditing.

The obvious observation after reading through these older standards (as noted in the LCE discussion paper) is the sheer bulk of the ISAs (approximately 1200 pages) compared to the 1996 standards (265 pages including guidance).

At the risk of sounding like an old guy longing for the “good old days”, I was surprised how clear the 1996 standards were and imagined how easy and useful it would be just to go back to those for New Zealand LCEs (with some appropriate updates of course for the changing business environment since the 1990s).

The barrier to this kind of approach is the insistence by the international standard setters that to maintain audit quality and consistency the LCE approach must be international. My question is why?

Do we need international standards for LCEs?

The discussion paper includes a working definition of LCEs as: 

“An entity which typically possesses qualitative characteristics such as:

1. Concentration of ownership and management in a small number of individuals (often a single individual – either a natural person or another enterprise that owns the entity provided the owner exhibits the relevant qualitative characteristics); and
2. One or more of the following:
   i. Straightforward or uncomplicated transactions; ii. Simple record-keeping; iii. Few lines of business and few products within business lines; iv. Few internal controls; v. Few levels of management with responsibility for a broad range of controls; or vi. Few personnel, many having a wide range of duties.”

ISAs were made to respond to global realities, buts most LCEs discussed above operate at a local level. So why do we actually need an international standard or standards for LCEs? 

If we added to the above criteria “that the entity has limited or no overseas interests” this would effectively remove the need for compliance with international standards at all. This changes the whole discussion. If an entity has any sort of overseas ownership or subsidiaries or significant trade whereby suppliers or customers relied on the audit work they would be required to produce audit reports in terms of the ISAs. 

In New Zealand this would probably remove the majority of our audit work from the ISA net without any risk to our international reputation, at the same time enhancing our charity and social services sector. Why not apply the same criteria to for-profits, also relieving them of the same burden?

It could actually be a good thing for these standards to not be international as the audit requirements may be more effective if localised for the context. It would also be easier to maintain these standards without a full international approval and adoption process. 

Could we return to nurturing these humble but necessary small-holdings with appropriately scaled, locally nurtured standards? I’d love to hear your feedback. 

In recent decades the creep in complexity in the International Auditing Standards (ISAs) has made it difficult for auditors to do appropriate and cost-effective audit work for their SME clients.

Using the full might of the ISAs on something like the local bowling club is a bit like using a rocket launcher to kill a mouse.

The IIASB has acknowledged this is a recent discussion paper. The chairman, Prof. Arnold Schilder says:

“Smaller entities make a critical contribution to the world economy, and quantitatively the majority of audits globally are audits of smaller entities. The ongoing challenges relating to the complexity and difficulties in applying the International Standards on Auditing (ISAs) faced by those auditing smaller entities is an area that is of particular importance to the Board, and to me personally.”

The paper uses the term “Less Complex Entities” (LCEs). The IAASB Glossary defines these as entities which typically possesses qualitative characteristics such as:

a. Concentration of ownership and management in a small number of individuals (often a single individual – either a natural person or another enterprise that owns the entity provided the owner exhibits the relevant qualitative characteristics); and

b. One or more of the following:

i. Straightforward or uncomplicated transactions;
ii. Simple record-keeping;
iii. Few lines of business and few products within business lines;
iv. Few internal controls;
v. Few levels of management with responsibility for a broad range of controls; or
vi. Few personnel, many having a wide range of duties.

The report acknowledges that 129 jurisdictions use, or are committed to using, the ISAs (up from some 90 countries in the mid-2000’s), however the vast majority of entities being audited are being saddled with requirements designed for large complex entities.

They state that “there is a growing perception in some jurisdictions that the increasing length and complexity of standards may lead to overly costly audits in the LCE sector of their economy.” This is what I hear from our clients all the time.

The scope and complexity of the ISAs can then actually act as a barrier to auditors reading and understanding them, result in a perceived ‘checklist-approach,’ with a greater focus on compliance rather than using professional judgment, leading to increased documentation in audit files, with no perceived commensurate benefit (!)

So what has been designed to increase audit quality can potentially lead to a reduction in audit quality as the auditor, overwhelmed by the content and requirements, struggles just to complete the checklists, taking his or her eye off the real task, and in the process blows a huge hole in the wall while the mouse runs away!

So where is this going? IFAC has developed a “Guide to Using ISAs in the Audits of Small and Medium Sized Entities”. There is some great content and background reading but if you are looking for shortcuts it doesn’t really reduce complexity that much.

The Nordic Federation of Public Accountants has produced an excellent draft standard called “Nordic Standard for Audits of Small Entities”. This basically reduces all the essentials of the ISAs into one standard. 

In our development of our audit templates we are always aware of this tension between complying with the full requirements of all the ISAs and taking a sensible approach for our users whose client base often consists solely or mainly of SME/LCE type work. A template based on the Nordic Standard would be awesome, but may not perhaps please Practice Review.

We always welcome suggestions from users as to how we can cater better for LCEs, so please do contact us with your suggestions. We follow this discussion from IAASB with interest.

As I’m reviewing audit files I like to feel as if I’m reading a thriller, or at least a mystery story.

The introduction sets the scene, including the characters and their world. Then we start to see the stakes – what is at risk? What do the characters want? What dangers are there that our heroes have to overcome?

Once the hero (which is you – the auditor) – identifies these things, then they set about solving the mystery. How will they approach it best to make sure that they aren’t side-tracked onto irrelevant issues that aren’t really that critical to the plot? How do they stay focussed, and lead their trusty side-kicks safely through to a satisfactory outcome so that they survive to live the (even more exciting) sequel?

The brave adventurers set out on their great quest. What do they do when the unexpected plot twists come up? Do they stay alert or are they lulled into boredom on the long journey, or tricked by some evil mastermind into missing some hidden piece of the puzzle? Are they intimidated by their fierce enemies to back down and take an easier path that leads to a dead end? Can they see through their quest to the end?

Okay so it’s not always quite that exciting doing an audit. But nevertheless all audits follow a clear story that encompasses many of standard tropes of a good story. And most importantly the reader of an audit file should be able to discern a clear story arc. I would describe this as follows:

1. What is the setting (entity and environment)?
2. What does our mission entail (scope and legislative requirements)?
3. Who are the key characters and stakeholders and how they relate to the entity and to each other (risk, related parties, fraud)?
4. Who will be reading our story – or at least the final chapter – our audit report (user needs)?
5. What details can we skim over and what do we need to include so we don’t miss anything important (materiality)?
6. What are the key points we need to focus on where things could go badly wrong (documentation specific risks including how the entity deals with it own risks)?
7. What the risks are that our mission could fail (reducing audit risk to an acceptable level)?
8. How can we meet this goal by choosing the combination of approaches that is most efficient – based on assessed risks and materiality?
9. How much we will rely on the client’s own controls, how much we will rely on analytical review, and how much we will have to cover by testing transactions by sampling (our Risk Analysis, Strategy and Plan)?
10. How do we make sure we focus on our plan and don’t get side tracked – UNLESS something pops out that we didn’t know about – the dreaded plot-twist (revisting planning)?
11. What have we found out about the big issues we identified in our planning (summarise the whole job on – Audit Summary Information page – what we identified as the big issues -medium, high and significant risks and key issues – any changes we had to make along the way, and anything else that is really important – errors we found or indications of fraud for instance)?
12. Is our work is sufficient to meet our goals?
13. Pull together a report that encompasses all the important findings above.

Many audit files contain lots of good work, but don’t necessarily hold together the story arc that makes a good audit file. Often the story is in the auditors head, but they haven’t recorded it that well. The story is either cluttered with too much detail or missing some important detail on which the whole plot hangs. 

So when you are completing your next audit file, sit back and imagine you are reading a story. Does it contain all the elements above, or are there holes in the plot? Is it as big as Lord of the Rings but not nearly so interesting? Is there a clear story running through the whole file, so that someone else could read it and feel like they were right there with you on your adventure?

Anyone who has been audited or who carries out audits know that there has been significant creep in requirements and subsequently costs over the least decade or so. This has made the other alternative – the Review Engagement – an alternative worth considering.

What is a Review Engagement?

It is a high-level assessment of financial statements by an independent professional providing comfort to the users of financial statements that nothing has come to the reviewer’s attention that indicates that the financial statements do not give a true and fair view/are not fairly presented. Appropriate enquiry or analytical tests are devised to give “limited assurance” that these are not materially misstated as opposed to “reasonable assurance” (in the case of Audit).

This is by definition a lower degree of assurance than required by the Audit standards. There are a raft of Audit standards, but essentially only one Review standard (ISRE (NZ) 2400). Like an Audit, preparation of financial statements remains the responsibility of the entity, risks are identified and materiality is considered, and the reviewer must understand the entity and its environment. But beyond that there is significant divergence.

Leave the tool box at home

Based on all these standards the auditor uses a whole box of tools. Compared to this the assurance practitioner carrying out a Review is like a plumber that just shows up with a wrench and hammer. This is the major difference between Review and Audit. The Review uses just two main tools: analytical review and enquiry. Analytical review is all about looking for relationships – this year to prior, budget to actual, financial to non-financial data (service performance for instance), KPI’s, relationship between different elements in the financial statements and so on. Enquiry is quite prescriptive, but must extend further if warranted.

The reviewer’s report says that “…nothing has come to our attention…” This negative assurance doesn’t mean that the reviewer can be deliberately ignorant, but that as a suitably qualified and experienced person they are walking through the financial statements looking for things that may not “add up” (analytical review) and making suitable enquiries where necessary.

Start sniffing

Unlike an auditor, review practitioners are not required to test details unless their enquiry and analytical review turns up something they just can’t ignore. They are a bit like a “sniffer dog” in this sense. Their understanding of the entity tells them what sort of bad smells they should be looking for. Their risk assessment tells them where they should be sniffing. Their materiality assessment tells them what level of sensitivity to sniff to.

Then they start sniffing. If it smells okay it is okay and they can move on. Nothing has come to their attention. If they find a smell they make further enquiries and satisfy themselves that all is well. And if all is not well they may extend their work or modify their conclusion (as opposed to an opinion in an Audit).

Who can use this option?

Registered charities with expenses of under $1million may opt for a Review rather than an Audit. Unregistered charities and associations, clubs etc may opt for a Review as can privately owned local companies. However many entities are required to be audited in terms of their trust deed, by their constitutions or because of some legal or funder requirement so please check!

So are they really a cheaper option?

If done according to the standard, and if the job is straightforward – yes. If the auditor remembers to leave the toolbox at home and just use their two tools, their work will provide a satisfying level of assurance well beyond a compilation engagement that should be of great comfort to members, shareholders, funders and other key stakeholders. And if the practitioner can avoid digging up every old bone in the garden and just stick to the plan they will fulfil the requirements of the Review standard and do a good, economical job.

How can we help?

Review Engagements are an increasingly popular option for assurance professionals. Audit Assistant provides specific templates for different kinds of Review Engagements so that this work is carried out in a compliant and cost effective manner. Contact us for more details of what we provide.

What is the issue here?

When a casual reader reads an audit report they expect to see a phrase that says something like “true and fair” or the more recent “fairly presented”. These are the words that indicate a “clean” report – so no need to read all the other boring detail!

The problem is – what about if those words are missing? What if the report just says “In our opinion, the accompanying financial statements of Client X Limited for the year ended xxxxx are prepared, in all material respects in accordance with the accounting policies stated in Note X,” [or whatever might be appropriate] And that’s it? Nothing about true and fair or fairly presented?

The wording above is what we are required to use in terms of ISA (NZ) 800 (revised) Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks if we are auditing certain kinds of financial statements. For example Illustration 2 from that standard:

If auditing financial statements that are not prepared in terms of a fair presentation framework we cannot use any other phrases apart from “…prepared, in all material respects, in accordance with (or in terms of) …”. This is a “compliance framework” as opposed to “fair presentation” framework.

Does this apply to all special purpose reporting?

This is where the confusion arises. Special purpose reporting is likely to be compliance framework rather than fair presentation framework, but this is not always the case. 

ISA (NZ) 800 (6(b) says:

In addition, Paragraphs A2 and A3 of ISA (NZ) 800 state that it is possible for a special purpose framework set by an “authorised or recognised standards setting organisation” to be a fair presentation framework. 

What about the common special purpose frameworks?

The (surprisingly) popular “A Special Purpose Financial Reporting Framework for use by For-Profit Entities” (SPFR for FPEs) issued by CAANZ is an example of special purpose that is a fair presentation framework. This is explicitly stated in paragraph 1.12:

Similarly the Public Benefit Entity Simple Format Reporting – Accrual (not-for-profit)SFR – A (NFP)standard (Tier 3 PBE) is also “fair presentation” (A10):

Note however Public Benefit Entity Simple Format Reporting – Cash (Not-For-Profit) (PBE SFR-C (NFP)) is not a fair presentation framework.

What happens when strict application of the fair presentation framework doesn’t make sense?

As noted above fair presentation is not achieved automatically by sticking rigorously to the standard, but must also meet the goals of relevance, reliability, comparability and understandability. 

The SPFR for FPEs framework issues a caveat along the same lines when it says (paragraph 1.13):

So some rare cases may warrant a departure from the letter of the framework to achieve fair presentation. In these cases we need to have to look at the disclosures and make sure that:

• management has concluded that the financial statements present fairly the entity’s financial position, financial performance and cash flows,
• management has complied with applicable standards and interpretations, except that it has departed from a particular requirement to achieve a fair presentation,
• the title of the standard or interpretation from which the entity has departed, the nature of the departure, including the treatment that the framework would require,
• the reason why that treatment would be misleading, and the treatment adopted; and
• for each period presented, the financial effect of the departure on each item in the financial statements that would have been reported in complying with the requirement.

Speaking of jobs prepared in terms of IFRS, NZ IAS 1 summarises this neatly:

How do we approach this in Audit Assistant?

Our audit reports are treated as follows:

• Tier 1 and 2 and Tier 3 PBE jobs are treated by default as fair presentation 
• Tier 4 PBE jobs are treated as compliance by default.
• In the SPFR for PBE jobs (including Body Corp jobs) there are two options – straight SPFR for PBE audit reports are fair presentation by default and the “generic special purpose” option is compliance by default.
• SPFR for NFPs defaults to compliance.
• NOTE: make sure you are using the 2016 update versions of these jobs if there is an option as these contain the current style audit reports – change to these versions if not.

Summary

• Special purpose reporting may or may not be “fair presentation”.
• SPFR for FPEs and Tier 3 PBE reporting may be regarded as “fair presentation”.
• Other special purpose will generally not be “fair presentation” but instead be treated as “compliance” frameworks.
• In these cases we can only report that they comply with the special purpose framework and need to reference what that framework is (as per contract, as per legislation, or as presented in the notes to the financial statements).
• We cannot add any other other phrases in beyond this that hint at anything beyond compliance with the framework.
• Even if financial reports prepared in terms of fair presentation frameworks meet the strict criteria, we must also ensure that they meet the goals of relevance, reliability, comparability and understandability – which in some rare cases may warrant a departure from the letter of the framework.
• The default audit reports in Audit Assistant should always be regarded as starting point only – use your professional judgement in each case and amend if required. 

(Thanks to Zowie Pateman of CAANZ and Dawn Alexander of PKF Goldsmith Fox for their helpful input on this subject.)

What is EER?

The IAASB says:

…EER refers to emerging forms of external reporting by entities that increasingly provide non-financial information that goes beyond the traditional (financial statement) focus on the entity’s financial position, financial performance and impact on its financial resources.

More and more entities are broadening out on what they report in their annual reports. The Statement of Service Performance is the obvious example of this trend. Examples also include sustainability reporting, integrated reporting, corporate social responsibility and environmental social and governance disclosures.

Why EER?

Again the IAASB says:

There is an increasing awareness that the future prospects of an entity are impacted by a wider range of factors than those presented in the financial statements, and of the close linkage between wider value creation and the ability of an entity to sustain its operations in the future. Information about these matters is increasingly addressed in EER reporting frameworks, such as those relating to integrated reports and sustainability reports.

These entities want to tell their story that goes beyond the numbers. In a world that increasingly looks to other measures of value and success than a return to shareholders (or GDP at a national level) this kind of reporting can only become more prevalent.

This doesn’t just relate to entities with a charitable or social purpose either. Entities that have been perhaps been perceived as part of ethically or environmentally questionable industries are increasingly keen to show they are “cleaning up their act” and acting in ethical and sustainable ways.

For instance the NZ fertilizer company Ravensdown have their own integrated reporting website (see screenshot above) where they cover every possible indicator of the effectiveness and effect of their operation including their company values, fraud policy, governance structure, how they define and create value (a very broad “six capitals” type analysis), injury frequency rate, their carbon footprint, the fact they pay their staff above the living wage, and much more.

What does this mean for auditors?

These entities want the public to be able to rely on this information, so while not many examples are required to be audited (yet), the demand is growing, and this represents something we auditors should be prepared for (e.g. from 1 January 2021, Tier 1 and Tier 2 charities will need to include non-financial information alongside the financial statements they file with Charities Services). In fact it represents a huge opportunity.

At present this kind of reporting is mostly being carried out by listed entities and large private companies, and at this point only about 25% are seeking assurance (per Craig Fisher and Misha Pieters – presentation at 2018 CAANZ Audit Conference). But as the public move beyond the “Gee whizz that’s cool” stage into asking questions about whether this is not just “greenwashing” there will inevitably be a move to seek more assurance on these reports.

Looking at the Ravensdown integrated reporting website there is no indication of any assurance work being done on this. Their 2018 annual report (audited by KPMG) only covers the traditional areas. There are no Statement of Service Performance or other integrated reporting components included in the annual report or audit work. This is likely to change going forward.

Interestingly in the audit report for Ravensdown KPMG state that “Our firm has also provided other services to the group in relation to advisory services in respect of Integrated Reporting.”

So there is an obvious opening for auditors to help prepare their clients for integrated reporting in the future, addressing questions like:

• How can we create a clear path towards reporting on and auditing SSP information when it is required for other entities?
• What other types of reporting are actually realistic for us to audit?
• What external experts might we need to find to help us do this work?
• What systems can we help our clients put in place now to enable us to audit this information in future?
• What standards might our clients use that we need to be aware of and familiar with and can we guide them in these choices?

What is Audit Assistant doing to help prepare for this?

Statements of Service Performance are the first obvious report requiring audit. These are already required for Tier 3 and 4 PBE entities (although some firms are opting out of including these in the audit report if the entities are under the threshold for audit or review). We already have testing in terms of EG Au9, and this will be updated when the new standard (NZ AS 1) is released (effective for periods beginning on or after 1 January 2021).

For Tier 1 and 2 entities, we will be adding the option for the audit of SSP in due course.

In terms of other kinds of reporting, there are a multitude of frameworks, so we will be responding with templates based on user need. For instance, the Sustainability Accounting Standards Board has 77 industry-specific standards are available for download. The Global Reporting Initiative (GRI) has six economic standards, eight environmental standards, and nineteen social standards.

This poses a number of challenges and presents an array of new opportunities for auditors. So we could all have a lot of work ahead of us!

(Graphic above and many ideas are from a presentation at the 2018 Audit Conference in Auckland by Craig Fisher (RSM) and Misha Pieters (XRB).)

Just the facts!

As the name suggests, Agreed Upon Procedures (AUP) engagements are a type of assurance engagement that focusses on factual findings, and as such is probably the simplest form of assurance.

The practitioner is asked to verify a question of fact, and their work simply answers that question. 

The International Federation of Accountants (IFAC) notes that: 

…the objective of an AUP engagement is to carry out procedures of an audit nature to which the practitioner, the entity, and any appropriate third parties have agreed and to report on factual findings. These engagements may entail the practitioner performing certain procedures concerning individual items of financial data (for example, accounts payable, accounts receivable, purchases from related parties, and sales and profits of a segment of an entity), a financial statement (for example, a balance sheet) or even a complete set of financial statements. 

Covering specific parts of financial statements or specific transactions makes sense. But there is more:

While directed toward engagements regarding financial information, ISRS 4400 [the international AUP standard] may provide useful guidance for engagements regarding non-financial information, provided the auditor has adequate knowledge of the subject matter in question and reasonable criteria exist on which to base their findings.

In practice, AUP engagements are especially useful to verify to funders that their money has been spent as specified – for much less cost and effort than an Audit or Review Engagement.

Other examples might be:

• Due diligence when buying or selling a business
• Verifying cash balances
• Checking security balances
• Income tax provisions
• Accounts receivable/payable processes
• Special reviews of loan portfolios
• Reviews of internal control and environmental management systems
• Royalty agreements compliance
• Employer compliance/payroll audits
• Purchasing department compliance

What does the work involve?

Factual findings exclude all concepts of risk assessment, materiality, expressing an opinion and extended testing, so they are radically different from risk-based auditing.

So the practitioner must take their auditor hat and stop evaluating risk and materiality, and instead just concentrate on doing what was agreed to in the engagement letter – nothing more and nothing less.

The The Institute of Chartered Accountants in England and Wales (ICAEW) says that: 

The procedures and tests should be sufficiently detailed so as to be clear and unambiguous, and discussed and agreed in advance with the engaging parties so that the factual findings are useful to them and, depending upon the engagement, others to whom the report is made available. The practitioner’s report does not express a conclusion, and therefore it is not an assurance engagement in the technical sense.

Critically, a large part of the planning work is to determine who the users are. This is likely to be either the engaging entity, this entity plus a third party (for instance the funding suppliers), or the entity plus a regulator or representative of a group of users. These users must be identified and addressed in the engagement letter and the final report. The report is specifically restricted to these users.

Why would we use these?

AUP engagements have the potential to be much more focussed than audit or compliance assurance work. And therefore more economical for the client and profitable for the assurance practitioner. The client is assured that they are getting exactly what they ask for and no more.

AUP engagements have the potential to be an attractive and fast growing service offering to SMEs. Clients may not need an audit, but may greatly benefit from an AUP engagement to satisfy banking or vendor needs. (IFAC)

Audit Assistant includes templates using both the NZ and Australian standards for Agreed Upon Procedures. Australian firms use ASRS 4400. NZ practitioners base their AUP work on APS-1 (revised) – Agreed-Upon Procedures Engagements to Report Factual Findings issued by the NZICA (based on the Australian standard).

They may be used with respect to financial information and may be adapted to cover engagements involving non-financial information reporting on the factual findings resulting from those procedures that have been performed.

There are further options: one where the AUP is likely to be an annual job, and the other where is it is a one-off job. In the second case the date entered on setup is the “appointment date” rather than “year ending”.

Our templates include an engagement letter, report, and a range of confirmation letters and work-papers to fit many common agreed-upon procedures. An AUP report expresses the procedures and the practitioner’s findings. For example:

Contact us for more details.