Part Twelve Other Assurance Services 1 Structure of Seminar 1. 2. 3. 4. 5. 6. 7. Objectives of Seminar Enterprise Governance Audit Committees Other Audit & Assurance Functions Audit in the Public Sector Quality Management Conclusions 2 1. Objectives of Seminar To provide you with: • An awareness of the latest developments in the “value-adding” of an audit • Reinforcement of the role of auditing in corporate governance • An overview of types of audit & assurance services other than the financial statement audit 3 2. Enterprise Governance • Framework that covers both corporate & business governance of an enterprise – “the set of responsibilities and practices exercised by the board and executive management, with the aim of providing strategic direction, ensuring the objectives are met, ascertaining that risks are managed appropriately, and verifying that the organization’s resources are used responsibly” (CIMA/IFAC) 4 The framework of enterprise governance Enterprise Governance Corporate Governance Business Governance Conformance Performance Accountability Value Creation Assurance Resource Utilisation 5 Source: Adapted from CIMA/IFAC, Enterprise Governance — Getting the Balance Right, February 2004, p. 10, www.ifac.org. Conformance (accountability) & Audit • Corporate governance is the range of control mechanisms that protect and enhance the interests of shareholders of business enterprises • Structure, systems & relationships among board, management, auditors, regulators, shareholders and public • ASX Principles of Good Corporate Governance & Best Practice Recommendations 6 Corporate Governance 7 A broader role for audit? • Assurance to stakeholders other shareholders – E.g. coy will not fail, no fraud, coy has acted within the law, has been competently managed, has adopted responsible attitude to environmental and societal matters • Is this realistic???? – Independence? Competence? Litigation risk? 8 Ongoing issues for external auditors … • The “credibility crisis” – Earnings management, corporate collapses • Codification of standards – Removal of auditor discretion (“shall” v. “should”) • Audit quality → Independence, Competence & Ethics • Get the basics right, to maintain professional credibility & value of audit function! 9 Business Performance & Audit • The responsibility of the board!!! • “Value-adding” assurance services – Due diligence • Mergers & acquisitions, prospectuses, etc – – – – Forensic audit Social & environmental audit Performance audits Risk management • These are consulting services – beware the independence issue! 10 Business Performance & Audit • Internal Control & Risk Management – The responsibility of the entity • Sarbanes-Oxley requirements – CEOs & CFOs must “certify” adequacy of internal control & risk management systems – Applies to US-listed Australian coys – Auditors also sign-off on these s.404 reports – Risk (litigation?) sharing 11 3. Audit Committees • Sub-committee of the board of directors – Independence & financial expertise of members – A forum for directors, management & auditors to discuss & resolve financial reporting issues – Enhanced ethical culture & integrity of financial reporting – Mandatory for ASX Top 300 companies 12 4. Other Audit & Assurance Services • Major services –Internal auditing –Operational auditing –Forensic auditing –Continuous auditing –Social & environmental assurance 13 4.1 Internal Auditing • “An independent, objective assurance and consulting activity designed to add value and improve and organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effective of risk management, control and governance processes” 14 Internal Auditing • Scope of internal auditing – examination & evaluation of: – Adequacy & effective of entity’s governance and internal control structure – Quality of performance in carrying out responsibilities – Procedures of risk identification & management – Mechanisms to ensure regulatory compliance 15 Internal Auditing • A supplement (not substitute) to the external audit • ASA 610 Considering the Work of Internal Audit • Outsourcing of internal audit function – Implications for audit independence if done by external auditor – Prohibited by SOX but not CLERP 9 16 Organisational and functional differences between internal and independent auditors Internal auditors Employer Companies and government units National organisations Institute of Internal Auditors–Australia Independent auditors Public practice entities • Institute of Chartered Accountants in Australia (ICAA) • CPA Australia 17 Internal auditors Certifying designation Certified internal auditor (CIA) Independent auditors • Chartered accountant (CA) • Certified practising accountant (CPA) Licence to practise No • Registered company/independent auditor • Public practising certificate Primary responsibility To board of directors To members of the company (shareholders) Scope of audits Mainly financial statements All activities of an organisation 18 4.2 Operational Auditing • Used to evaluate a variety of activities – management’s performance, planning & quality control systems and specific operating activities & departments • Relates to non-financial operations • Normally conducted by internal auditor, but may be outsourced 19 4.3 Forensic Auditing • The forensic auditor – – – – looks for evidence of fraud documents systems failures Identifies extent of losses incurred Expert witness/litigation support • A major growth area is e-crime – CSI Audit!!! • ABIS Department – Postgraduate Certificate in Business Forensics • Professional certification – CFE? 20 4.4 Continuous Audit • An emerging issue • Relevant for electronic (web-based) reporting environments • Demand for more timely information • Issues – No time to gather & evaluate traditional audit evidence – Need for fully automated audit software package 21 22 4.5 Social & Environmental Assurance • A “fringe” issue has been become mainstream • Recent rapid growth in “sustainability” reporting – Early reporting by industries with “image problems” e.g. chemicals • Impression management, political legitimacy, reduce political costs, or good responsible corporate citizens? Response to stakeholder concerns or concern for financial risks? • Competition for annual report awards – Equator principles 23 Social & Environmental Assurance • All voluntary reporting – Choice of inclusions – what are the boundaries? – Choice of reporting guidelines • Triple-bottom line reporting (social, environmental & economic) • Global Reporting Initiative (GRI) (UN initiative from 1997) • AA1000 – AccountAbility, a UK-based institute, opensource non-proprietary standard • Hence, assurance on the reports is also voluntary 24 Climate Change & Assurance • Voluntary carbon offsets market – Voluntary assurance • Voluntary climate risk disclosures • NOW – mandatory reporting of emissions – For financial year ended 30 June 2009 – National Greenhouse & Energy Reporting Act 2007, Measurement Act 2008. 25 Climate Change & Assurance • Data from reporting to underpin Emissions Trading Scheme – Carbon Pollution Reduction Scheme (2011?) – Carbon credits are financial instruments!!! • Area of revenue growth for profession – Big 4 recruitment of experts – Partnerships with specialists • E.g. KPMG with RepuTex, BDO Kendalls with Carbon Planet 26 Climate Change & Assurance • Issues & Problems – No standard reporting framework • But IASB plan a standard on emissions trading for 2010 – Voluntary assurance & no standard assurance framework • But IAASB are developing an assurance standard • Intensive lobbying by profession for mandatory assurance – to be provided by the profession • Govt “External Audit Consultation Paper” 2008 27 Climate Change & Assurance • Issues & problems (cont.) – Unlike financial statement audits, no mandated monopoly & a competitive market • Profession argues they have: – – – – – Experience in assurance engagements An existing assurance framework of standards Code of ethics Experience in using the work of experts Independence • However, previous failures in extending scope of assurance services – E.g. WebTrust, SysTrust 28 29 5. Audit in the Public Sector • Applies to the 3 tiers of government – Local, state & federal • Principles from private sector audit are applicable • Accountability is built into the parliamentary system 30 FIGURE 16.6: Outline of a parliamentary system and the accountability process 31 Public Sector Audit • An auditor-general (A-G) is appointed by each State & also the Commonwealth govt, and is an independent officer of Parliament • A-G audits & reports to Parliament on the activities & performance of govt agencies, authorities, coys & their controlled entities • A-G appointed by G-G on recommendation of responsible minister for a term of 10 years 32 Public Sector Audit • Financial statement audit gives opinion on – Whether F/s have been prepared in accordance with orders of Minister of Finance, & – Give a true & fair view of matters required by those orders • Performance audits – Efficiency & effectiveness in use of public resources 33 6. Quality Management • Voluntary quality control standards – Of audit firms – Of audit clients • ISO standards – ISO 9000 : quality management – ISO 14000: environmental management 34 35 Conclusions • Independent external financial statement audit remains core service • Growth in other assurance services driven primarily by – Environmental concerns – Electronic commerce & reporting • Traditional audit functions remain important – Internal audit & public sector audit 36