ASIC updates guidance on communicating audit findings

On Wednesday (15 October), ASIC updated its regulatory guide, Communicating findings from audit files to directors, audit committees or senior managers (RG 260), reflecting new responsibilities and recent law reforms.

The updates reflected two key changes, the first being ASIC’s new responsibilities to regulate the financial reporting and audit requirements of registrable superannuation entities (RSEs), following law reform.

Secondly, it reflected updates to the Australian Securities and Investments Commission Act 2001 (ASIC Act) which allowed ASIC to communicate findings from audit file reviews to relevant directors of superannuation trustees.

ASIC’s RG 260 has outlined guidance on the regulator’s approach to communicating audit file reviews to the relevant directors during its audit surveillance process.

The guidance noted that ASIC would generally communicate audit quality findings to company or responsible entity directors, in preference of audit committees or senior managers. This was because directors had statutory responsibilities in relation to the financial report, ASIC’s guidance noted.

When ASIC communicated audit-related information solely to a senior manager of an audited company or disclosing entity, its guidance stipulated that it would provide a copy of the disclosure to the entity’s relevant directors and the audit committee for the company, disclosing entity, responsible entity or superannuation trustee as soon as possible.

The regulator noted that it had a pro-active surveillance program designed to raise the standard or financial reporting audits, with the goal of building confidence in the financial system.

It would typically review a selection of audit files when they had concerns about audit quality or auditor independence, raise these concerns with the audit firms, and include findings and observations in a public report.

ASIC would also share its findings with relevant directors, audit committees, senior managers and key stakeholders of the audited entity. The end goal of this system was to help audit firms and audited entities to work together and improve financial reporting and audit quality.

Previously, ASIC has raised concerns regarding auditor independence and audit quality after a review revealed a ‘disappointing number’ of likely breaches of auditor independence requirements.

Out of 48 auditors and 19 firms reviewed by ASIC, 15 individuals were found to be likely in breach of rotation requirements, relationship prohibitions, or providing a prohibited non-audit service.

To avoid independence breaches, ASIC encouraged firms to create strong documentation clearly and thoroughly considered threats to independence, keep detailed guidance on permissible non-audit services, and maintain strong controls around scope creep.

The updated RG 260 replaced previous ASIC guidance released in July 2022.