The second in a series of six blogs, authored by our CaseWare Cloud SMSF Audit product content provider Sharlene Anderson and the Veritas Corp team. Sharlene focuses on a key SMSF Audit process for each of these blogs and recommends what to include in your documentation to ensure you complete and gather adequate evidence for a high quality, compliant audit.
SMSF audits are conducted in accordance with Australian auditing standards and standards on assurance engagements. The documentation requirements of the standards are exhaustive. It is vitally important that each audit file can stand alone and support both compliance with the standards and the audit opinions. If a procedure or test is not documented, the auditor has no evidence that it was performed. If an audit file should be called into question, and this can happen at professional body Q & A review as well as litigation by clients, the auditor with a well-documented, compliant audit file will have much firmer ground to stand upon.
Disclaimer This paper represents the opinion of the author(s). The contents are for general information only. They are not intended as professional advice – for that you should consult a suitably qualified professional. Veritas Corp expressly disclaims all liability for any loss or damage arising from reliance upon any information in this paper.
Part 2: Audit Plan
The audit plan should be sufficient to evidence compliance with the audit standards. ASA 300 Planning an Audit of a Financial Report is, of course, relevant but the audit plan should also document compliance with various other audit standards.
The audit plan should include, but not be limited to:
- Document the overall audit strategy that sets the scope, timing and direction of the audit, and that guides the development of the audit plan.
- Document the scope of both the financial audit and compliance audit.
- State the reporting objectives
- State whether consideration was given to any factors that in the auditor’s professional judgement are significant in directing the engagement
- State the nature, timing and extent of resources required to perform the engagement
- Consideration whether knowledge gained from prior year audit of the SMSF is relevant
- Consideration of compliance with ethical requirements including independence (ASA 200), engagement partner conclusion on compliance with independence requirements (ASA 220), and safeguards in place to reduce any threat to an acceptable level
- Issues with any other ethical requirements and how they were resolved (ASA 220)
- Whether the financial reporting framework is acceptable (ASA 210)
- Conclusions reached regarding acceptance and continuance of engagement (ASA 220)
- That the firm’s policies on engagement quality control review have been performed before the date of the audit report (ASA 220)
- Risk Assessment – nature, timing and extent of risk assessment procedures under ASA 315 including documenting risks of material misstatement due to fraud at assertion level and financial report level and responses to those risks (ASA 240) and risks from related party transactions (ASA 550)
- Analytical procedures (ASA 315, ASA 520) – Analytical procedures to also be performed near the end of the audit.
- Document enquiry of trustees as to who are related parties of the fund, nature of the relationship and whether any related party transactions occurred (ASA 550)
- Sampling techniques and sample size in response to assessed risks
- Understanding of internal control relevant to the audit (ASA 315) (ASA 330)
- Document enquiries of trustee regarding fraud, including controls to detect fraud and whether trustees have any knowledge of actual or suspected fraud (ASA 240)
- Document engagement team discussion on how the financial report may be susceptible to material misstatement, including who was at the meeting (ASA 315) with emphasis at the meeting on misstatement due to fraud (ASA 240) an error that could result from related party transactions (ASA 550)
- Document understanding of the legal and regulatory framework and the Superannuation sector (ASA 250)
- Nature timing and extent of planned further procedures at the assertion level determined under ASA 330 The
- Auditor’s response to assessed risk
- Other planned audit procedures (ASA 300)
- State nature timing and extent of direction and supervision given to team members and the review of their work (ASA 300)
- Determine materiality for the financial report as a whole and consideration of materiality levels for particular classes of transactions, account balances or disclosures (ASA 320)
- Determine performance materiality for the purposes of assessing the risks of material misstatement and determining the nature, timing and extent of further audit procedures (ASA 320)
- Determine a level of ‘clearly trivial’ for financial audit (ASA 450)
Most auditors will use an audit program to conduct the audit. If this sits outside the audit planning document the audit plan should describe how procedures described in the program will enable sufficient appropriate audit evidence to be obtained to reduce audit risk to an acceptably low level.
CaseWareCloud SMSF Audit has an inbuilt planning section with checklists to ensure you’ve ticked off/complied with all of these ASA requirements. The planning document also allows you to document all factors related to the audit strategy.
A financial audit program should essentially contain procedures to obtain sufficient appropriate evidence at the assertion level and the financial report level. Critically, ownership, existence and market value of assets and liabilities, and completeness and occurrence of transactions. The program should include the responses to assessed risks.
The program should also cover the correct classification of financial statement items and transactions. In a recent case, an auditor was found at fault and in part liable for client losses, for reasons including that the auditor had not questioned the incorrect classification of a balance sheet item.
The auditor also has a responsibility to obtain sufficient appropriate evidence about whether opening balances contain misstatements that materially affect the current period’s financial report. This may be straightforward if you were the auditor for the last financial year but if there has been a change of auditor the procedures of ASA 510 to obtain sufficient appropriate audit evidence for opening balances must be adhered to. To simply qualify the audit report in respect of opening balances without first applying procedures to evidence the balances is not compliant with ASA 510.
The compliance audit program should at a minimum include procedures that cause evidence to be obtained to confirm whether or not the fund has complied with each and every SISA/SISR section included in the ATO audit report for the relevant year of audit and responses to assessed risks on non-compliance.
Both the compliance and financial audit programs should record:
- who performed the work and on which date,
- who reviewed the work, when, and
- the extent of such review and identifying characteristics of the specific items or matters tested (ASA 230).
Each step in the audit program should include a reference as to where on the file the corresponding evidence or work performed can be found to enable an experienced auditor to understand the nature, timing, extent and results of audit procedures (ASA 230).
All documents and procedures in CaseWareCloud SMSF Audit can be “signed off” at which point, the user who is logged in and the date will be recorded in the file. By keeping your login private, this is your signature as a user cannot signoff as a different person, without their login info.
You might also like: Top Tips for SMSF Audit Documentation: Engagement Letter