1. What does ‘assurance’ mean in the financial reporting context? Who are the three parties relevant to an assurance engagement?
An assurance engagement (or service) is defined as ‘an engagement in which an assurance practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria’ (Framework for Assurance Engagements, para. 8; International Framework for Assurance Engagements, para. 7). In the financial reporting context ‘assurance’ relates to the audit or review of an entity’s financial report.
An audit provides reasonable assurance about the true and fair nature of the financial reports, and a review provides limited assurance. The audit contains a positive expression of opinion (e.g. ‘in our opinion the financial reports are in accordance with (the Act) including giving a true and fair view…), while the review contains a negative expression of opinion (e.g., ‘we have not become aware of any matter that makes us believe that…the financial reports are not in accordance with (the Act)… including giving a true and fair view..’). An auditor may also perform agreed upon procedures for a client, but these do not provide any assurance.
The client determines the nature, timing and extent of procedures and no opinion is provided to a third-party user. The assurance practitioner is an auditor working in public practice providing assurance on financial reports of publicly listed companies, or other entities. Intended users are the people for whom the assurance provider prepares their report (e.g. the shareholders). The responsible party is the person or organisation (e.g. a company) responsible for the preparation of the subject matter (e.g. the financial reports).
2. What qualities must an ‘assurer’ have in order for you to feel that their statement has high credibility?
An assurer must have the knowledge and expertise to assess the truth and fairness of the information being presented by the preparers. Auditors of financial reports need to be trained accountants with detailed knowledge about the complex technical accounting and disclosure issues required to assess the choices made by the financial report preparers. When undertaking an audit, the auditor should use professional scepticism, professional judgement and due care. Auditors should be independent of the client.
Independent auditors have no incentives to aid the entity in presenting their results in the best possible light. They are concerned with ensuring that the information contained in the financial report is reliable and free from any significant (material) misstatements (error or fraud). A user needs to believe that the auditor is acting independently. This means that not only should auditors be independent (i.e. not have any undue personal or financial incentive to protect the client), auditors should avoid doing anything that would cause a reasonable person to doubt their independence.
3. Why do audit firms offer consulting services to their audit clients? Why don’t they just do audits and let consulting firms provide the consulting services?
The arguments in favour of audit firms providing other services to their audit clients relate to the benefits to be derived by all parties. The audit firm has very detailed knowledge about the client and can use that knowledge to recommend actions or products that would suit the client’s needs. In some cases, the auditor could identify a potential problem that the client had not identified. To the extent that the audit firm uses its knowledge to provide better advice than could be provided by an external consultant, the client will benefit. Shareholders of the client and other interested parties will benefit from improvements to the client’s business. Finally, the auditors will benefit from additional revenue which can be used to subsidise the audit firm’s investments in knowledge and systems, and streamline the audit.
The main disadvantages of audit firms providing services to their audit clients relate to potential adverse effects on the auditor’s independence. The auditor could be unwilling to provide services which would reduce their audit fees or cause the client to seek another auditor. The auditor could be unwilling to criticise something to the client which was provided by their consulting division. The auditor could be ‘blind’ to potential adverse impacts on the client’s accounting systems from products and services provided by their consulting division. Even if the consulting provided unquestionable benefits to the client, the relationship between the audit firm and the client could become ‘too cosy’, and discourage the client from considering other auditors. Finally, the auditor could be reluctant to qualify the audit report for fear of losing lucrative fees from consulting services. If this occurs, the audit is less valuable because the auditor is less independent.
4. An assurance engagement involves evaluation or measurement of subject matter against criteria. What criteria are used in a financial report audit?
An auditor evaluates the contents of a financial report against the standards and laws that apply to that type of financial report. Listed public companies must abide by the Corporations Act, the Australian Accounting Standards (AASB) and the listing rules of the ASX. Certain companies must also abide by additional specific legislation, depending on their industry or legal status. In addition, if a company is listed in another country, foreign exchange listing rules and laws could apply to the financial report.
Auditing standards control the way an audit is conducted, they are not the criteria against which the financial report is evaluated.
5. Who would request a performance audit? Why?
A performance audit is an assessment of the economy, efficiency and effectiveness of an organisation’s operations. It can be conducted internally (by internal audit) or externally (by an audit firm) and across the entire organisation or for part of an organisation.
Management may request a performance audit of its own company (or part thereof) in order to assess the economy, efficiency and effectiveness of the organisation. Ideally, the audit would identify issues that need to be addressed in order to increase the performance of the division or company. For example, the audit could examine a logistics department. It would assess the cost of running the department, the number of deliveries per input (such as labour hours, vehicle hours, etc), and indicators of delivery on time to the correct address.
A performance audit could be conducted on a government department or agency as part of the process of accountability to the public. Stakeholders of government entities are usually seen to be more interested in economy, efficiency and effectiveness than in profit, or surplus. Performance auditing can expose poor practices, or even corruption, in an organisation. Performance auditing can provide information on the implementation of government policies. Regular performance auditing of government entities can help build trust between the government and the citizens.
6. Are internal auditors independent? Which internal auditor would be more independent: an internal auditor that reports to the chief financial officer (CFO) of the company, or an internal auditor that reports to the audit committee?
Internal auditors are employees of the company, and therefore cannot be completely independent of the company. However, it is possible to increase the independence of the internal audit department through means such as funding, terms of reference, and reporting lines.
A well-funded internal audit department can investigate more issues and spend more time on each investigation, potentially increasing the chance of discovering fraud and other problems. An internal audit department with a small budget is likely to have fewer staff and less qualified staff (because they will be lower paid), and will have to make compromises on the issues to be investigated.
An internal audit department with wide terms of reference has the freedom to pursue the issues which the audit staff believe are most important or create the most risk for the organisation. A department with narrow terms of reference could be limited to investigating only certain matters, or must seek the approval of higher levels of management before commencing any investigation.
If the internal audit department reports to the CFO it is possible that the CFO will prevent some issues from reaching other members of the management team, or the board of directors. Often, the problems will be within the CFO’s department, creating a conflict of interest for the CFO when deciding whether to report the issue more widely. An internal audit department that reports directly to the audit committee is outside the normal lines of management and reporting. The audit committee is part of the board of directors. Therefore, reporting to the audit committee increases the chance that the highest level of the organisation is aware of the problems and will approve the investigation. The audit committee also deals with the external auditor. If the internal auditor reports directly to the audit committee it can communicate the issues to the external auditor and ask them to consider them, where relevant, as part of the financial report audit.
Not all companies have an audit committee. Where the audit committee does not exist, the internal auditor could report directly to the full board of directors.