Damning ASIC auditor review likely overstated breach rates, CA ANZ says

On Tuesday (7 October), ASIC released findings from its recent review into auditor compliance behaviour, Building trust: Auditor compliance with independence and conflict of interest obligations.

As previously reported by Accounting Times, ASIC’s report uncovered a “disappointing number” of likely breaches of auditor independence requirements.

Out of 48 auditors and 19 firms reviewed by ASIC, 15 individuals were found to be likely in breach of rotation requirements, relationship prohibitions or providing a prohibited non-audit service.

Accounting industry body Chartered Accountants Australia and New Zealand (CA ANZ) welcomed the review, but noted that the breach rate across the broader audit profession was likely lower than ASIC’s report suggested.

“Auditors play a critical role in our economy, and their skills and independence are key to confidence in financial reporting,” said Amir Ghandar, reporting and assurance leader at CA ANZ.

“We welcome ASIC’s data-led review of auditor independence and the findings will help improve systems and practices – but it is also important to note that the overall breach rate across all audits is likely much lower than the results suggest.”

While ASIC identified breaches in approximately one-third of the 48 cases it investigated in-depth, CA ANZ said this likely didn’t reflect the true rate of auditor non-compliance. ASIC’s review covered over 2,900 auditors and had homed in on higher-risk audits through data analysis and other regulatory techniques.

ASIC also acknowledged this limitation in the methodology section of its report.

“The findings in this review … focus on select audits from 48 auditors who were flagged for being at a higher risk of non-compliance with independence obligations based on the available data. The review does not provide a representative sample of the audit industry,” the report read.

ASIC’s report came soon after it updated RG 34, its self-reporting guidance for auditors. CA ANZ said the updated guidance signalled that the regulator expected auditors to self-report more often and move towards a banking-style “breach and report” model.

Notably, none of the 15 likely breaches flagged by ASIC had been self-reported.

“Although its new guidance was issued after the review period, ASIC noted that none of the flagged breaches were self-reported, unlike in sectors such as financial services, where breaching and self-reporting is more common,” Ghandar said.

“Auditor breach reporting has in the past focused on contraventions by audited entities, with auditors working to avoid breaching the law at all themselves, rather than a breach and report model.

“The profession is committed to continuous improvement and welcomes collaboration with ASIC to ensure audit independence remains robust, transparent, and trusted.”

Following the release of its report, ASIC urged auditors to address compliance gaps, especially in relation to their independence obligations.

“Auditor independence is fundamental to audit quality and integrity. A strong focus on independence not only builds trust, it also fosters more rigorous challenges in the audit process thereby enhancing the preparation of high-quality financial information,” ASIC commissioner Kate O’Rourke said.

“We expect auditors to carefully consider this report and use its findings to address gaps in their compliance.”

CA ANZ said it would continue to work with ASIC to help support the audit profession following the updated self-reporting guidance.

“Ethical judgement is at the heart of audit – auditors often go beyond compliance and rules to assess both actual and perceived independence,” Ghandar said.

“We will continue to work constructively with ASIC to ensure the audit profession is supported to understand this evolving area of judgement, especially after the updated guidance on self-reporting clarified expectations around ‘when and what’ to self-report.”