4 September 2023
I have good news and bad news.
The good news is that the new standard for the audit of service performance (NZ AS1 (Revised)) is actually much simpler than the original standard released three years ago. The bad news is the shambles created by rushing through the original standard without proper consultation, deferring it twice, and then effectively cancelling it altogether.
Diligent auditors (and software/content developers) front-footed it and adopted NZ AS1 anyway, thinking we were doing a good thing – despite complaints from our customers about how complex it was – only for it to be deferred.
We had updated our templates and encouraged auditors that this was the way to go, knowing that it would apply sooner or later, and although the standard was a bit of an overkill for smaller entities, it seemed to fit well with its sister reporting standard for Tier 1 and 2 PBE’s – PBE FRS-48.
Those firms that muddled along using bits and pieces from ISAE (NZ) 3000 (Revised) and EG Au9 can now go straight to the new standard, without the pain of having to do that hard work. One up for procrastination!
Anyway, now that I’ve got that off my chest, what about the new standard? And why was it changed?
The XRB issued a statement in July 2023 explaining the rationale for the changes. One major issue was that the Office of the Auditor-General raised concerns regarding the suitability of NZ AS 1 for the public sector.
So the standard, while already released, was at the last minute deferred to allow time for the XRB to work with the OAG to address these concerns and consider the future application of NZ AS 1. This was after the original 12-month deferral due to COVID – which also reflected the deferral of PBE FRS-48.
PBR FRS 48 was released at a similar time to the original NZ AS1. The language was aligned – in that “service performance information” was used instead of the “outcomes” and “outputs” language of the old Tier 3 and 4 standards. I get the feeling that the original NZ AS1 was really made for large Tier 1 and 2 PBE entities without a lot of thought given to small charities.
The new standard changes the language from the complex audit-speak to friendly terms like “appropriate and meaningful.” (Para 25 describes what this means.) This is to be applied as follows:
• Are the elements/aspects of service performance that the entity has selected to report on appropriate and meaningful?
• Are the performance measures and/or descriptions the entity has used to report on what it has done in relation to those elements/aspects of service performance during the reporting period appropriate and meaningful?
• Is the measurement basis or evaluation method used to measure or evaluate the performance measure and/or description appropriate and meaningful? (para 7(a))
The questions above form the first step of the two-step process.
The second part is to assess whether the reported service performance information fairly reflects the actual service performance and is not materially misstated. (para 7(b))
To carry out this part, we need to apply our risk identification skills. The standard echoes the emphasis of ISA 315 (Revised 2019) focusing first on Inherent Risk (risk before consideration of any related controls), then Control Risk.
Then we basically just follow normal audit procedures, but include consideration of service performance information and controls when we look at things like entity and environment, regulatory framework, control systems, materiality, analytical review, and deciding how much reliance to place on controls testing, analytical review and substantive testing.
This will of course impact our documentation and the content of our engagement letters, representation letters, and audit reports, as they relate to responsibilities of governance and the auditor’s responsibilities. Our updated templates have taken all this into account.
The standard emphasises that we “…develop an audit plan with a single audit approach to concurrently cover the service performance information and the financial statements.” (para 20)
Part of the reason for this change is that since the original standard there have been a couple of other major standards released.
It seems that ISA 315 (Revised 2019) has mainly influenced the changes. Much of the language of (NZ AS1 (Revised)) is directly parallel to ISA 315 (Revised 2019) – which is a good thing.
The other influence is the new Tier 3 and 4 NFP Standards. Again they have taken out the “outcomes” and “outputs” language (which very few people actually followed or understood), and replaced it with the nice broad term “service performance information.”
When do we have to use the new NZ AS1 (Revised) standard?
NZ AS 1 (Revised) was approved for issue in July 2023. It is applicable for periods beginning on or after 1 January 2024. Note that it may be early-adopted for periods ending after 24 August 2023 – so essentially jobs ending from now. Auditors may use either the current NZ AS1 or ISAE (NZ) 3000 (Revised) until then. The following graphic is from the XRB:
To accommodate for the new standard we have (so far) reworked our latest Tier 3 and 4 (NFP) templates for both the change to the new Tier 3 and 4 (NFP) standards and also to NZ AS1 (Revised).
So, because it is not cost-effective to revise our current Tier 3 and 4 PBE templates from using NZ AS1 to NZ AS1 (Revised), then create a new set of templates for using the new Tier 3 and 4 (NFP) standards with NZ AS1 (Revised) we have added both updates into our Tier 3 (NFP) 2023 and Tier 4 (NFP) 2023 templates. Basically, if the client is using the new Tier 3 and 4 reporting, then use the new template, which will also give you NZ AS1 (Revised).
So we are suggesting that users step up to NZ AS1 (Revised) while also stepping up to the new Tier 3 and 4 (NFP) standards, by swapping to our 2023 NFP series templates (see flowchart below). Note that the new templates are marked NFP, while the existing ones are PBE. We did this to differentiate as they are all marked as 2023! We have not yet updated our Tier 1 and 2 templates for NZ AS1 (Revised). This will happen in the next month or two.
To treat this as a “…single audit approach to concurrently cover the service performance information and the financial statements…” we have integrated the service performance steps into existing pages – rather than treating them as separate pages as in the existing template. For instance Entity and Environment includes some questions related to Service Performance, as does materiality and internal control checklists. This should simplify the work considerably compared to our extant templates.
When do we get the new Tier 3 and 4 (NFP) templates?
The new Tier 3 and 4 NFP templates are up now (5 September 2023), but we are not flagging existing jobs to push to upgrade because there will still be jobs that use the old Tier 3 and 4 standards. So wait until the client adopts the new reporting standards, then update manually to the new template after rollover.
The Standards have a mandatory date of 1 April 2024, meaning the Standard must be applied for accounting periods that begin on or after 1 April 2024. However, these new standards may apply for accounting periods ending after 15 June 2023 – so any balance dates from 30 June this year may be using the new Tier 3 or 4 standards. Hence the reason we have been pushing to update our Tier 3 and 4 audit and review templates.
We have reduced our current templates for the update to the new standards. Instead of two Tier 4 (one full ISA and one reduced for smaller entities that we call our ‘LCE’ versions), we now just have the compact version for the new NFP standard. For Tier 3, we will still have an LCE version for simpler entities and a full ISA version, but we have combined the ‘group’s’ content back into this one as well. So now there are two instead of three options.
To summarise:
