Lawyers who advise companies and not for profits are familiar enough with annual reports, financial statements, and auditors’ opinions. Many will also have advised boards and audit committees on the negotiation of audit engagement letters and audit fees, and the preparation of letters of representation – processes which can be highly sensitive in some circumstances. But how auditors actually do their work is less familiar to many. And the nature of what auditors do is also changing rapidly.
Auditing is a standards-based activity. Auditing standards in New Zealand are promulgated by the New Zealand Auditing and Assurance Standards Board. The NZAuASB, as it is known, is one of two sub-boards of the External Reporting Board (known as the XRB), an independent Crown entity under the Financial Reporting Act 2013. (The other sub-board is the New Zealand Accounting Standards Board, which sets accounting standards.) The standards promulgated are legislative instruments, subject to disallowance.
The need for statutory audit standard-setting was resisted in New Zealand for many years. But it became necessary with the introduction of regulated auditing under the Auditor Regulation Act 2011 and Part 7 of the Financial Markets Conduct Act 2013 (FMC Act). Auditors licensed to carry out audits of “FMC reporting entities” (a term which includes listed issuers and a range of other entities) must do so “in accordance with the applicable auditing and assurance standards” (sections 416D and 416F of the FMC Act). Those standards are set under s 12(b) of the Financial Reporting Act, which provides for the XRB to set standards for the purpose of the Auditor Regulation Act “and any other enactment that requires a person to comply with those standards”.
In practice, however, the auditing and assurance standards set by the NZAuASB on behalf of the XRB are also available for, and used in relation to, a wide range of non-statutory purposes.
The wider picture – assurance
The term “assurance” needs explanation, because it is widely and sometimes inaccurately used (including sometimes by lawyers) but has a defined and constrained meaning under the standards.
In brief, assurance should be understood as “an evidence-based conclusion” that is designed to “enhance the degree of confidence of the intended users” of subject-matter information. This fits with the purpose of an audit of an entity’s financial statements, which provides “assurance” to the readers and other users of the statements (whether they be shareholders or members, investors or funders, regulators, or customers) that the statements fairly reflect the entity’s financial position and performance and are free of material misstatement. In that sense, an “audit” can be seen as a means by which “assurance” (in that broader sense) is given or obtained.
But assurance can also be given over other types of information. It can also take different forms – for example, an assurance opinion can be expressed in either “reasonable” or “limited” terms. And an audit is not the only means for providing assurance. Lawyers advising clients in the not for profit sector will be aware of the recent changes to the Charities Act 2005, which allow the financial statements of medium-sized charities to be subjected to a “review” rather than a full “audit” (s 42C). Under the applicable standards, a review requires a lesser amount of work than an audit (thus reducing costs to the entity), and provides a lesser degree of assurance. But it can provide helpful information for a charity’s funders and other stakeholders about its financial position and operations.
Other standards enable assurance to be given or obtained over non-financial information. For example, the recently revised standard SAE 3100 Assurance Engagements on Compliance enables assurance over a broad range of an entity’s compliance obligations (whether they are of a legislative, contractual, or other nature). That standard sits under a more general standard on non-financial assurance (ISAE NZ 3000), which has been recently revised with a much broader scope of application in mind. Research by the NZAuASB confirms that these assurance standards are being widely used outside the accounting profession in New Zealand, either as the basis for giving assurance or as points of reference for assurance practitioners’ work. This finding will be of interest to those lawyers who work in the assurance-related space (for example, in the area of Resource Management Act compliance, or as probity auditors of major procurements).
New Zealand is a “standards taker”
In common with many countries, just as most of our accounting standards are derived from global standards, so too are most of our auditing and assurance standards. The International Standards on Auditing (known as ISAs), other international assurance standards, and the International Code of Ethics for Accountants and quality control standards are all set by international boards which operate under the umbrella of the International Federation of Accountants (known as IFAC).
As a “standards taker”, and not a “standards maker” (although with some exceptions), New Zealand’s approach is to adopt all the applicable international standards without amendment, except where there is a “compelling reason” to amend or strengthen (but not weaken) a standard to reflect local regulatory conditions and practices. The NZAuASB also has a close working relationship with its Australian equivalent board, which adopts the same approach. And both boards actively pursue harmonisation of their respective standards, in recognition of the single Trans-Tasman market and the need for a common approach to commercial regulation. This approach has been highly successful, and is one of the better examples of the business law harmonisation approach in practice.
The “standard-taking” approach makes complete sense for New Zealand as a small trading nation in a globalised economy. But it also demands an effort to influence the making of the standards that we adopt. A particular focus of this effort is to ensure that the needs of smaller economies, and small-to-medium entities and auditing practices, are not forgotten in the vastness of the global standard-setting setting process. This is a central plank of the XRB’s strategic direction as a Crown entity. It prompts, in turn, a focus on consultation and engagement with New Zealand constituents, especially when draft international standards and discussion papers are in circulation and “New Zealand Inc”-type submissions are being prepared. A corollary of this process is to ensure that the NZAuASB is aware of the need for, and can make, appropriate New Zealand amendments to the international standards when they are being considered for adoption here.
The XRB and the NZAuASB are keen to involve lawyers in this collaborative activity – hence, in part, the motivation for this article. And it can make a difference. Lawyers are in a good position to identify the need for New Zealand-specific changes to be made to internationally-derived standards arising from changes in legislation. This can provide valuable information for the NZAuASB to apply its “compelling reason” test for changing a standard.
Lawyers’ inputs can extend more broadly into the interface between law and auditing. A recent example can be found in the changes to the regulations governing trust deed audits, and their impact on the drafting of deeds (see “Trust deed audits” at page 37).
I encourage lawyers with clients in the commercial, corporate, and not-for-profit sectors to continue developing their understanding of the audit and assurance environment, and its interface with legislation and corporate governance practice. A good way of doing this is to sign up to the XRB’s free subscription service, which provides regular bulletins and notices of events. Lawyers are welcome to attend consultation events and seminars when they are of interest – and to encourage their clients to do the same.
The changing face of auditing and assurance
I turn now to the future focus. Like all business-related activities affected by globalisation and technology, auditing and assurance is undergoing significant change.
First, a word on technology. It goes without saying that the impact of data analytics and the use of artificial intelligence has huge implications for auditors as well as their clients. As an obvious example, using data analytics can remove the need for an auditor to design processes to obtain “samples” of transactions for the audit (or, put in another way, will enable the auditor to check every transaction over a business period). And auditors are also considering the challenges of auditing new forms of data storage, in particular blockchain (see, for example, “Blockchain at slightly more than a glance”, LawTalk 908, July 2017, page 42).
In the longer term, the process of assurance will be deeply affected by the use of artificial intelligence. But far from rendering audit as a process obsolete, these changes bring new opportunities as well as challenges for auditors and those who set their standards.
Another example of the changing demands on auditors is the uptake of “integrated reporting” (IR), which has been recently recognised in the NZX’s new Corporate Governance Code. The product of an internationally-driven movement by users of corporate reports, spawned in part by GFC-related corporate collapses, IR seeks a more holistic level of reporting about an entity than is possible from the typically short-term, historically-focused financial information found in traditional annual reports. It encourages a future-looking focus on how an entity intends to create value over the medium and longer term. Recent New Zealand examples (including the annual reports of Sanford, Watercare Services, and New Zealand Post) have gained international recognition, with exciting results in terms of readability and the value of information to users. The NZX’s new Code encourages listed entities to consider IR as one means of enhancing their reporting practices. But this also poses challenges for auditors and standard-setters: how should assurance be provided over integrated reports, and do the auditing standards need to be re-written to accommodate them? These issues are also under international consideration and discussion.
International standard-setting has also been affected by the long-term impact of the global financial crisis and its implications for the traditional models of auditing. Enhancing the quality of audits has been a major preoccupation for all standard setting boards over the past decade. This has been driven to a large extent by regulator pressure, arising from dissatisfaction with auditor performance in the years leading up to the crisis and concern about the risk of future corporate collapse. Some fundamental changes to the auditing process and its outputs are now starting to emerge.
Perhaps the most significant is the change to the form and content of the auditor’s report on an entity’s financial statements. Eagle-eyed lawyers involved with listed issuers will have noticed that the standard audit opinion is now supplemented by a range of other information – most notably, a description of the “key audit matters” that arose during the audit and which in the auditor’s judgment need to be drawn to users’ attention. This change is the result of new international standards which are being progressively rolled out in both New Zealand and Australia (starting with listed issuers and extending later to other FMC reporting entities with higher public accountability). The introduction of key audit matters (or KAMs, as they are becoming known) has by all accounts been well received by investors, as well as by directors and audit committees. Indeed, many auditors (including the Auditor-General in the public sector) have been “early adopters” of the new requirements with the agreement of their clients. The Auditor-General’s report on the 2016 Government financial statements provides a good example of KAMs and their information value.
The NZAuASB and the Financial Markets Authority are jointly monitoring the first year’s listed entity KAMs closely, and will be publishing results and commentary later in 2017.
More broadly, the international regulator community has been pushing improvements in audit quality. This has prompted the International Auditing and Assurance Standards Board to develop a project examining improvements in audit quality from a “supply chain” perspective. This is based on the notion that auditors and their work form only one aspect of the financial information supply chain and its quality; the value of an audit is enhanced through interactions with those responsible for preparing and signing off on financial statements, including boards, audit committees, and (in some cases, lawyers), as well as with regulators and other stakeholders. The audit quality framework provides a useful lens through which auditors and non-auditors alike can understand and value the audit process.
A concluding comment
It may be self-evident to say that the audit process can sometimes be difficult for those who find themselves “on the receiving end” of the auditor’s work. It’s also true to say (from my own experience in explaining my role with the NZAuASB to other practitioners) that the XRB and its work tends to fly “under the radar” for many lawyers, despite it being a statutory body and a member of the exclusive club of independent Crown entities. As a governance practitioner I’ve found there is great benefit in understanding the nature of an audit as a process, the standards-driven nature of the activity (which in turn helps those in governance to understand the drivers of audit fees), and what makes auditors tick in terms of their independence and professional scepticism. For lawyers, this can enhance the value they can themselves add, whether as directors, audit committee members, or advisers. I encourage those who are interested to find out more.
Robert Buchanan firstname.lastname@example.org is a Wellington lawyer who chairs the New Zealand Auditing and Assurance Standards Board and, in that capacity, also sits on the Auditing and Assurance Standards Board of Australia. He has also held a number of governance positions.