‘Partly effective’: ASIC put on notice for registered company auditor regulation

In its most recent report, the Australian National Audit Office (ANAO) has identified significant holes in ASIC’s regulation of registered company auditors making various key recommendations to improve its regulatory approach.

The auditor-general, Dr. Caralee McLiesh, noted the report was conducted to assure parliament on the effectiveness of the corporate watchdog’s role and regulation of registered company auditors.

Another reason for the report was the fact that audited financial statements provided important information for capital markets and were essential for effective corporate governance.

Within the report, it was detailed that between 2019-20 and 2023-24, ASIC conducted surveillance of 183 audits of 125,653 financial reports, leading to six investigations and one enforcement outcome.

In addition to this, during this time, ASIC completed 95 investigations into registered company auditors with 89 enforcement outcomes, of which 88 per cent were for failure to pay levies or submit annual reporting.

“The objective was to assess the effectiveness of ASIC’s regulation of registered company auditors. To form a conclusion against the objective, the ANAO adopted the following high-level criteria: have appropriate arrangements been established to support regulatory activities? And is the regulatory approach effective?” the Auditor-General said.

From these objectives, ANAO found that ASIC’s regulation of registered company auditors was “partly effective”.

“While components of an effective regulatory approach and supporting arrangements are in place, ASIC is not measuring its achievement of regulatory outcomes, which is important to demonstrate the effective use of public resources,” the report said.

“ASIC allocates the majority of its surveillance resources to individual audit file surveillance without assessing if this is the most effective use of surveillance resources.”

The ANAO did note that ASIC had integrated the function of regulating registered company auditors into its broader regulatory systems, including agency governance, cost-recovery levies, probity management, stakeholder communications and staff training.

Despite this, ASIC’s ministerial statement of expectations had not been updated since August 2021 and was “overdue to be refreshed”.

It was also found that while the regulator’s business planning and regulatory framework was informed by risk and it had linked its registered company regulatory activities to its statutory objectives and strategic priorities, it did not measure or assess whether regulatory outcomes for registered company auditors were being achieved nor if its interventions were contributing to the achievement of those outcomes.

“Measuring the achievement of outcomes is important to demonstrate the effective use of public resources. As a result, ASIC’s arrangement to support regulatory activities for registered company auditors are partly effective.”

ASIC’s approach to regulation of registered company auditors was also labelled as “partly effective”, as it was deemed that its visibility of audit quality or the impact of its own regulatory actions was “narrow”.

“Fundamental components of an effective regulatory approach are in place, such as ASIC’s administration of the registration of company auditors, monitoring ongoing compliance obligations such as mandatory reporting and payment of levies, and processing the resignation and removal of auditors from audit engagements,” the report read.

“ASIC’s supervision of audit quality is based primarily on a small number of individual audit surveillances targeted at higher-risk entities. There is limited follow-through of quality issues identified in these surveillances other than reporting thematic findings to industry annually.”

Further, it was found that ASIC had not implemented procedures for using the audit deficiency reporting process established by legislation in 2012.

To address and fix its approach to and regulation of registered company auditors, the ANAO proposed five key recommendations, all of which were agreed to by the Treasury and ASIC.

Recommendations included a refresh of ASIC’s statement of expectations, a development of measures to report on the performance of regulatory outcomes for registered company auditors, publicly reporting on the timeliness of processing registered company auditor resignations and removals against nominated performance targets, improvement of registered company auditor surveillance activities and implementation of procedures for the audit deficiency process.

“The ANAO’s recommendations that we measure and report on the outcomes of our regulation of registered company auditors and review our auditor surveillance activities represent an opportunity for ASIC to continue to evolve and enhance its regulation of auditors.”