December 3, The European Commission Directorate Internal Market and Services B 1049 Brussel, Belgium markt greenpaper

Transcription

1 The Canadian Institute of Chartered Accountants L Institut Canadien des Comptables Agréés 277 Wellington Street West 277, rue Wellington Ouest Toronto, ON Canada M5V 3H2 Toronto (ON) Canada M5V 3H2 Tel: Fax: Tél. : Téléc. : December 3, 2010 The European Commission Directorate Internal Market and Services B 1049 Brussel, Belgium markt greenpaper audit@ec.europa.eu Dear Directors: Re: COM (2010) 561 final Green Paper Audit Policy: Lessons from the Crisis The Canadian Institute of Chartered Accountants (CICA) is pleased to provide its comments on the Green Paper, Audit Policy: Lessons from the Crisis. The European Commission plays a vital role in the international environment and the Institute strongly encourages the Commission to recognize its leadership role in the global community. The CICA together with the provincial, territorial and Bermuda Institutes/Ordre of Chartered Accountants, represents a membership of approximately 77,000 CAs and 12,000 students in Canada and Bermuda. The CICA conducts research into current business issues and supports the setting of accounting, auditing and assurance standards for business, not for profit organizations and government. It issues guidance on control and governance, publishes professional literature, develops continuing education programs and represents the CA profession nationally and internationally. Our response to the Green Paper is provided in the following attachments. Paper 1: Paper 2: Paper 3: Paper 4: Detailed Response analysis of issues and recommendations Answers to Questions in Green Paper Reference sources on issues discussed in Green Paper Literature Review Please contact me if you have any questions or require any clarification on our commentary. Yours sincerely, Kevin J. Dancey, FCA President and Chief Executive Officer

2

3 Paper 1 European Commission Green Paper DETAILED RESPONSE Audit Policy: Lessons from the Crisis ( the Paper ) INTRODUCTION The Canadian Institute of Chartered Accountants appreciates the opportunity to respond to the Commission s Green Paper addressing several issues on Audit Policy. We believe that the issues raised deserve wide discussion by stakeholders. We believe also that it is timely to initiate the discussion at this time to see what reforms, if any, are needed as we learn from the financial crisis. We have adopted three guiding principles in developing this response. The first guiding principle is that auditing and practice has to embrace needed reform to remain relevant and ensure that it adds credibility and, therefore, value to financial reporting. The profession has never accepted that the status quo had to be defended and has always ensured that it is sensitive to changing needs. Nobody in today s competitive environment can survive if it maintains the status quo. The second guiding principle in preparing this response is that any proposed change be based on clear evidence that the change would enhance audit quality and perhaps, equally important, no changes should be made if there is any evidence that audit quality would be lessened by that change. The third guiding principle is that a regulatory change may not, in every case, be the most efficient or effective element of reform. In many cases market mechanisms are more effective and efficient. Accordingly, any override of market choice should be fully researched and supportable. We also believe that the following three important overall perspectives should provide a useful context for any proposed examination of audit policy. Need for the EC to operate in the global context The EC plays a vital role in the international environment. In developing the Paper and moving forward to address the issues in it, the EC is playing a leadership role. However, it is important to recognize that the EC is part of the global community and that extensive globalization is already embedded in the audit world. The EC should work to improve the quality of audits through international cooperation. It is important, therefore, that the EC not discuss and act on the matters in a solely EC centric way. 1

4 Standard setting bodies are globalizing their standards, after extensive research and deliberation, including participation by EU firms and oversight by the EU itself. Many countries are implementing global auditing and accounting standards. Imposing auditing standards that are inconsistent with those recognized internationally would cause significant problems in meeting the overarching goal that global readers of auditor s reports have a consistent understanding of the work of the auditor. Each multinational audit firm has its own common methodologies and systems for managing independence issues and conflicts of interest across all jurisdictions in which it operates. When considering changes to the structure and governance of audit firms, it is important, if they are to be effectively implemented, that they be considered in a global context. For example, it would likely be difficult for large firms to drastically restructure in one country or area and not another. Need to consider audit issues within a broader context The Paper focuses on auditing issues. However, it must be recognized that solutions to many of the issues will involve accounting standard setters, regulators and other stakeholders as well. For example, in assessing how to improve the integrity of the financial reporting process and systemic risk, changes to the roles of regulators, boards of directors, audit committees, and the legal liability environment need to be considered alongside changes to the audit process. In addition, some of the issues in the Paper point to a potential need for reconsideration of some accounting standards, notwithstanding the ability within IFRSs to override a particular standard when this would result in misleading information. Implementation of many of the ideas suggested in the Paper would require consideration of the varying legal liability and regulatory environments in the various jurisdictions in which audit firms and their clients operate. This is particularly true for issues in the areas of governance and market concentration. For example, the statutory responsibilities of directors and audit committees can vary significantly among jurisdictions, as can the rights of shareholders. The Paper makes reference to the Green Paper on Corporate Governance. However, it is unclear to what extent that material has been considered in developing material for this Paper. Need for the EC to take into account extensive research and other work already performed Many of the issues raised in the Paper have been extensively discussed and researched in international circles. It is important that the EC be familiar with relevant existing research before embarking on major new initiatives. In our response, we have indicated where the EC may wish to conduct or consider additional research as it moves forward to address issues noted in the Paper. For example, the Paper raises a number of what are commonly called expectation gap issues. Many of these have been studied extensively, although not necessarily resolved to the satisfaction of all stakeholders. The Paper itself appears to contain some misconceptions about the financial statement audit and the role of the financial statement auditor that are reflective of these expectation gaps and might serve to perpetuate or extend them. We have noted these in our response for information purposes. 2

5 Most particularly, in many jurisdictions around the world and internationally, standards have been developed after extensive research, discussion, exposure and in some cases reexposure. These standards have been approved by international bodies with extensive representation from European members and oversight by the EC, among others. We refer primarily to International Standards on Auditing (ISAs 1 ) issued by the International Auditing and Assurance Standards Board (IAASB) International Financial Reporting Standards (IFRSs) issued by the International Accounting Standards board (IASB) are also relevant, as is the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA Code). In this respect, as noted by the EC in the Paper, the clarified ISAs apply for the first time to the audits of 2010 fiscal years. These standards contain many clarifications and enhancements compared to the standards that auditors applied during the recent financial crisis. It may therefore be premature to promote changes to the ISAs before the EC has had the opportunity of researching whether the implementation of the clarified ISAs has addressed perceived weaknesses in the audits during the crisis. 1 References to ISAs in this response are to the clarified ISAs effective for audits of financial statements for periods ending on or after December 15,

6 COMMENTS ON SPECIFIC MATTERS RAISED IN THE GREEN PAPER We have set out below recommendations regarding specific matters raised in the Paper. Comments related to each of these recommendations are set out in the following sections of this letter. LIST OF TOPICS AND RECOMMENDATION RELATED TO EACH. A. International Standards on Auditing (ISAs) We recommend that, in the interests of the efficiency and effectiveness of the audits of multi national entities, the clarified ISAs be implemented as soon as possible. Before contemplating overlaying additional auditing requirements, the EC should determine the extent to which issues raised in the Paper have been adequately addressed in the clarified ISAs and should not make requirements that significantly conflict with them. The clarified ISAs are only just becoming effective and their application should be assessed over a reasonable period of time before amendments are considered. Further topics that are covered in ISAs B. A Substantive Approach to Auditing We recommend that the EC reject a move away from the audit risk model that forms the basis of the ISAs. A move to a significantly more substantive approach, even when possible, would not serve the interests of stakeholders. C. The Purpose of an Audit and the Role of the Auditor We recommend that the EC recognize that the role of the auditor of financial statements is clearly set out in ISA and assess the degree to which the EC s concerns are addressed therein. We also recommend that the EC study the extensive history of literature and research that already exists into the expectation gap, and measures taken to mitigate it. We do not believe the solution lies in trying to further explain the audit in an even more expanded audit report. D. Communications on the Annual Financial Statements the Auditor s Report and Other Communications We recommend that the EC recognize that the auditor s standard report in the ISAs substantively addresses the issues raised in the Paper and that the IAASB is currently researching the effectiveness of the auditor s report. The possibility of making internal communications available to a wider audience needs to be researched before any changes are made. Further education of users about the purpose of an audit and the role of the auditor, if needed and desired, could be undertaken by other means. We also propose that any recommendations concerning communications with audit committees seek to involve the international community so that diverse solutions are avoided. We support cooperation with supervisors to the extent possible under local legal environments. 2 ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing. 4

7 E. Auditor Behaviour We recommend that the EC recognize that professional scepticism, professional judgment and substance over form are effectively addressed in the ISAs. We recommend that no new rules be made at this time on these topics but if any measures are considered they should be fully researched for their practicality and international consistency. F. Small and Medium Sized Entities (SMEs) We recommend that the EC maintain one standard of audit for all entities as reflected in the ISAs. We also recommend that, for entities that do not have an audit but need assurance from a professional accountant on the financial statements, the EC support the efforts of the IAASB in developing a robust set of review engagement standards. We also recommend that the EC accept that the ISAs adequately deal with the particular aspects of auditing SMEs. G. Quality Control Standards for Small and Medium Sized Audit Practices (SMPs) We recommend that one standard of quality control requirements should apply to all practices, large and small. Experience indicates that the existing International Standard on Quality Control (ISQC) No. 1 is sufficiently adaptable that it can be applied effectively to even the smallest firms. To establish a lower standard of quality control would send an inappropriate message about how small audit firms conduct their practice. Issues that are largely beyond the scope of the ISAs H. Possible Expanded Roles for the Auditor Where there is already practice, such as reports on internal control over financial reporting and interim financial statements and on various aspects of sustainability, we recommend the EC consider standards already in place or under development, and the experiences of other jurisdictions that have already implemented such standards. For proposed new roles, we urge the EC to proceed with caution, being alert to independence and conflict of interest issues and taking care not to create further misunderstandings, for example by blurring the respective roles of management and the auditor; extending roles beyond the expertise of auditors; or requiring reporting when there are no well established criteria. I. Governance and Independence of Audit Firms Recognizing that significant changes in this area could have major unintended consequences within the EU and internationally, the EC should consider current research, and proceed in concert with the international community, taking account of potential costs and benefits. J. Concentration and Market Structure Recognizing that significant changes in this area would be extremely complex and in some cases impractical, even if desirable, and would have major international implications, the EC should consider current research, and proceed in concert with the international community. 5

8 COMMENTS RELATED TO OUR RECOMMENDATIONS A. International Standards on Auditing (ISAs) 1. The ISAs have already dealt with many of the issues set out in the Paper, based on rigorous international standard setting processes in which the EU has played a significant role. The Paper is not clear whether the EC has given due consideration to the ISAs. Commentary a) As noted in the Paper, the IAASB has recently issued a complete set of clarified auditing standards. The IAASB includes seven members from EU member states and an EC observer, and is subject to oversight by the Public Interest Oversight Board, which has an EU chairman and five EU members. In addition to extensive discussion and public exposure for comment, the standards have been supported by extensive research both prior to and during this clarification process. They have been adopted as the basis for national standards in 126 jurisdictions, including a majority of EU member states, as acknowledged on page 10 of the Paper. While there are one or two references, it is not clear whether the EC has evaluated the topics discussed in the Paper against the requirements in the ISAs to determine whether the standards already address concerns that are raised. Furthermore, it is vital that the ISAs be endorsed at the European level to avoid problems that would arise if adoption was left to member states. b) If the result of the EC s work is that the ISAs were not to be fully implemented in the EU on a timely basis, or standards were to be established that were in conflict with them, the damage to the international financial and accounting community could be severe, and stakeholders would be badly served. If the EC believes there are deficiencies, there are mechanisms in place to deal with them at the international level. But if the EC (or any other body) writes its own rules unilaterally, the result would be most unfortunate and damaging. In particular, if the auditing standards in the EU were to significantly retreat from the audit risk model, it would be very harmful in practice. c) Other areas adequately addressed in ISAs that are the subject of suggestions in the Paper are discussed in the remainder of this response. Sections B through F contain significant suggestions that have been considered and resolved in the ISAs and Appendix 1 summarizes such matters. d) Overall, we trust that the EC will realise that, while there are always improvements that can be made, most of the issues relating to the role of the auditor and the performance of audits have already been dealt with in the ISAs that are effective for 2010 calendar year end audits. Recommendation We recommend that, in the interests of the efficiency and effectiveness of the audits of multi national entities, the ISAs be implemented as soon as possible. Before contemplating overlaying additional auditing requirements, the EC should determine the extent to which issues raised in the Paper have been adequately addressed in the 6

9 ISAs and should not make requirements that significantly conflict with them. The ISAs are only just becoming effective and their application should be assessed over a reasonable period of time before amendments are considered. B. A SUBSTANTIVE APPROACH TO AUDITING 1. The Paper suggests that auditors should go back to basics with a strong focus on substantive verification, and leave tests of controls to management and internal audit (page 7). It is not clear what facts or assumptions led to this comment. It is highly doubtful that a substantive audit approach is more effective and efficient, or even possible for the audits of some entities, particularly large complex financial institutions. There seem to be important misconceptions in the Paper related to how the auditor performs audits. Commentary a) The risk model incorporated into the ISAs results from extensive research, discussion in the IAASB and extensive input from stakeholders. Many large firms base their audit approaches on ISAs. b) The Paper implies that there has been a move completely away from the substantive approach. This is not our experience. The risk model s purpose is to enable the auditor to focus substantive work on the areas of highest risk. In such areas more substantive work may be performed than under previous models. Why perform extensive work in areas that are extremely unlikely to contain errors? Furthermore, ISA requires that substantive procedures be performed on each material class of transactions, account balance and note disclosure. c) Pressure from users (and, to some extent, regulators) to issue audit reports closer to the year end has made reliance on risk assessments imperative, especially internal control risk. Any significant movement in the other direction would run counter to the EC s concern that reports are too little too late. As well, such a move would likely not be justified under a cost benefit analysis. d) The Paper suggests internal auditors could be primarily responsible for auditing internal control. Internal auditors are employees of the company and are not independent. Given concerns expressed about the independence of external auditors, would not such concerns apply in an even more substantial way to internal auditors? Rather we would strongly support the IAASB s current proposals which seek to determine the extent and conditions under which the external auditor can make use of the internal auditor to gather the most effective audit evidence. e) In most large companies, and in financial institutions in particular, the degree of automation renders traditional getting back to basics auditing impossible. In such cases, examination, testing and evaluation of internal controls related to financial reporting is the only possible approach, together with analysis of the output from the system. f) The ISAs recognize that there are some risks that are inherently so pervasive that substantive procedures are mandated. ISA 330 requires the performance of substantive procedures to specifically address all risks that are assessed as 3 ISA 330 The Auditor s Response to Assessed Risks 7

10 significant. Also, ISA 240 4, for example, requires testing of the appropriateness of journal entries, review of accounting estimates for bias and evaluation of the rationale for business transactions outside the normal course of business. g) Consideration needs to be given to whether a move to substantive auditing would impede the evolution towards continuous auditing and the ability of auditors to provide assurance on a real time basis, which is the subject of research at this time. Continuous auditing would need to be even more reliant on internal control than the present approach. h) Any move to a more substantive approach may not work in an environment where auditors use the work of other auditors who report on controls at service organizations. i) We believe the EC may have misperceptions about what is required, and how an audit is performed in these areas. We have identified other possible misconceptions in the Paper in the following areas: i) that obtaining reasonable assurance is less targeted at ensuring that the financial statements give a true and fair view and more geared to ensuring that the financial statements are prepared in accordance with the applicable financial reporting framework. The IFRSs, for example, build in concepts of fairness 5 and allow for the very rare situation where following the requirements would result in misleading financial statements. ISA 700 requires the auditor to evaluate the fairness of the financial statements. ii) that obtaining reasonable assurance is not focused on substance over form (page 6). Substance over form is built into IFRSs and the ISAs. iii) that in communicating with users it would be possible to tally up what has been audited by direct verification versus what has been audited by professional judgment and whether anyone would understand the difference (page 7). Each material financial statement assertion is assessed for risk and the extent of substantive audit work thereby determined. Also, there are different kinds of substantive work tests of details and analytical procedures. To explain all this would be impossibly complex. In addition, revealing this amount of detail on the audit could provide the auditee with a road map to the audit and thereby the means to try to circumvent it, if that is their aim. Auditors are therefore careful in this regard, even in communications to audit committees when management is present. iv) that some financial statement items are directly verified in a way that does not require the auditor to exercise professional judgment (page 7). Virtually every financial statement item including cash (if there is foreign exchange exposure for example) involves estimates, and every item is subject to different types and levels of risk of material misstatement, the assessment of which all involves professional judgement by the auditor. Effective and efficient substantive procedures cannot be designed without 4 ISA 240 The Auditor s Responsibilities Relating to Fraud in an Audit of Financial Statements. 5 IAS 1 Presentation of Financial Statements states in virtually all circumstances, an entity achieves a fair presentation by compliance with applicable IFRS 8

11 appropriate knowledge of internal control. The ISAs 6 require the auditor, on all audits, to obtain appropriate knowledge of relevant controls and consider all knowledge in the possession of the auditor in designing appropriate substantive procedures. v) that audits do not include tests of controls (page 7). In most audits, tests of controls are applied to many financial statement assertions. Tests must be applied to controls that are relied on to reduce the extent of substantive procedures. Tests of controls are also required when substantive procedures alone cannot provide sufficient audit evidence (ISA 330). This may be the case, for example, in financial institutions where transactions are generated and approved entirely electronically without human intervention. In such cases, the programming and the controls are the only evidence available. Recommendation We recommend that the EC reject a move away from the audit risk model that forms the basis of the ISAs. A move to a significantly more substantive approach, even when possible, would not serve the interests of stakeholders. C. The Purpose of an Audit and the Role of the Auditor; the expectation gap 1. The Paper acknowledges the importance of an audit and in the expression of a true and fair opinion on financial statements. Footnote 6 quotes an IOSCO paper stating that the audit function contributes to investor confidence in the capital markets. The Paper nevertheless asserts that the lack of awareness of the limitations of an audit engenders an expectation gap and that, therefore, it will undertake a comprehensive debate on how audits and audit reports need to be fit for purpose. Commentary a) Little evidence is presented to support the suggestion that audits and audit reports may not be fit for purpose. b) The expectation gap is not a new phenomenon and has been extensively studied, notably in the US in the 1978 report of The Commission on Auditor s Responsibilities (generally known as the Cohen Commission Report ) c) The purpose of an audit is clearly set out in ISA 200, as is acknowledged in the Paper. The recent expansion of the auditor s report in ISA 700 is an attempt to enhance user understanding of the audit and the financial statements. d) The statement in the Paper that the audit provides assurance on the veracity of the financial health of all companies is itself an example of an expectation gap. The financial statements are meant to fairly present the entity s financial position and results of operations in accordance with the applicable financial reporting framework such as IFRSs, including, when appropriate, disclosures regarding significant doubt about an entity s ability to continue as a going concern. The role of the auditor is to opine on whether the financial statements are presented fairly in accordance with the applicable financial reporting framework. When applicable, the auditor includes an emphasis of matter paragraph in the auditor s report to 6 In ISA 315 identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment the auditor is required to assess the risks of material misstatement through understanding the entity and its environment, including the entity s internal controls. 9

12 highlight disclosures in the financial statements regarding matters related to going concern, as required by ISA e) On page 3, the Paper asks how auditors could have given clean audit reports to their bank clients when they shortly thereafter revealed huge losses. If the assets and liabilities that gave rise to the losses were properly accounted for and disclosed in the audited financial statements in accordance with the applicable accounting framework, the financial statements were fairly presented at the time and there would be no justification for the auditor qualifying or otherwise taking any action. If the financial statements were not in accordance with the framework, then legitimate questions could be asked about why the auditor did not detect this. f) Stakeholders can be educated about what they should and should not expect from an audit, and more generally, financial reporting in several ways. The auditor s report and communications to the audit committee are two methods that we discuss in this response. The Paper suggests more detailed descriptions of the audit that we discuss in Section D. There are further approaches that could be considered, including for example, the kind of communication referred to in Section D1 below. Recommendation We recommend that the EC recognize that the role of the auditor of financial statements is clearly set out in ISA 200 and assess the degree to which the EC s concerns are addressed therein. We also recommend that the EC study the extensive history of literature and research that already exists into the expectation gap, and measures taken to mitigate it. We do not believe the solution lies in trying to further explain the audit in an even more expanded audit report. D. Communications on the Annual Financial Statements the Auditor s Report and Other Communications 1. The Paper suggests that stakeholders might benefit from additional communications on audit methodology in the auditor s report. Commentary a) The Paper suggests on page 7 that auditors should provide a very high level of assurance. It also suggests that auditors disclose more in the reports about the way the audit was performed and cites matters included in the report under the French Commercial Code and being considered in the UK. In the revised auditor s report in ISA 700 a general description of the audit process is required, including the following elements: the respective responsibilities of management and the auditor; the performance of procedures to obtain evidence; that judgment is used by the auditor in determining the extent of the audit; that a risk assessment is made with respect to both fraud and error, which determines the scope of work; that internal control is considered (but no opinion on internal control is expressed 8 ); 7 ISA 570 Going Concern 8 Except when an opinion on internal control is expressed, as is the case mostly in audits coming under the jurisdiction of the US Securities and Exchange Commission. 10

13 that the auditor evaluates the appropriateness of the accounting policies used and the reasonableness of accounting estimates made by management; as well as an evaluation of the overall presentation of the financial statements. We believe this reflects a significant effort by the IAASB to improve the communication to users and do not believe further expansion is necessary or desirable. In fact, as the Paper points out, there is some support for reducing the size of the report. Also, the IAASB is conducting further research into the effectiveness of the auditor s report. b) All audit methodologies are highly technical. It seems unlikely that many stakeholders would be interested in, or understand, many aspects of the audit approach. Also, it implies that different approaches are right or wrong when many different approaches can result in a high quality audit. It seems unlikely that the type of communication proposed would be of significant value. c) While users may not want information about the auditor s processes and activities, additional research may be needed about whether there is a need to provide more information about the auditor s findings. d) Contrary to footnote 17 on page 7 of the Paper, an emphasis of matter paragraph in the auditor s report is not meant to enable users of the financial statements to have a better understanding of the matter. Rather, it is to direct readers attention to a particular disclosure in the financial statements because it is deemed to be critical. It is up to management to provide in the financial statements the information required to enable users to understand the matter. 2. Under the heading Better Internal Communication, the Paper suggests enhanced dialogue with the company s Audit Committee. a) We agree that dialogue with Audit Committees is essential. The Paper mentions risks, material disclosures, irregularities, accounting methods used and window dressing. These matters are covered in ISA In addition to ISA 260 there are 14 other ISAs that require matters to be reported to the Audit Committee. See Appendix 1 for further information about how the EC s issues are dealt with in this ISA. b) We accept that improvements are possible by, for example, increasing the visibility and transparency of communications between the auditor, management and the audit committee. We suggest that a targeted examination of whether permitting internal communications to be released to market participants would improve information flows. Once again, we would recommend that that the international community be involved in any proposals on this issue. 3. The Paper indicates a need to strengthen cooperation between auditors and supervisory authorities a) We agree that there should be as much cooperation as possible between auditors and supervisors. There are issues of client confidentiality to deal with and legal environments in different jurisdictions can significantly affect what is possible. This needs to be balanced against the possibility that clients may not be as forthcoming 9 The term audit committee is not used in the ISAs but those charged with governance is equivalent, and would also include the Board of Directors. 11

14 with the auditor when they know that the auditor may pass this information on to a supervisor. b) We note that communication should be a two way street and supervisors need to communicate critical information to auditors if the system is to work properly. c) We are not concerned that further cooperation would blur the respective responsibilities of auditors and supervisors. Each has a distinct role, but it is important they cooperate. d) ISAs 240 and both require the auditor to consider any responsibility to report matters to regulators or other third parties. 4. The paper identifies a problem with the all or nothing approach to auditor qualifications a) We believe this is largely an unfortunate consequence of securities regulators not accepting financial statements when the auditor s report thereon is qualified. Qualifications are serious and should be so treated. However, regulators should be persuaded to accept qualifications that are not remediable such as, for example, those due to auditor lack of access to needed information that is beyond the control of company management. Recommendation We recommend that the EC recognize that the auditor s standard report in the ISAs substantively addresses the issues raised in the Paper and that the IAASB is currently researching the effectiveness of the auditor s report. The possibility of making internal communications available to a wider audience needs to be researched before any changes are made. Further education of users about the purpose of an audit and the role of the auditor, if needed and desired, could be undertaken by other means. We also propose that any recommendations concerning communications with audit committees seek to involve the international community so that diverse solutions are avoided. We support cooperation with supervisors to the extent possible under local legal environments. E. Auditor Behaviour 1. The Paper suggests that auditors actively challenge management from a user s perspective, and exercise professional scepticism. The Paper also discusses the issues of professional judgment and the auditor s consideration of substance over form. There is an implication that auditors are not performing in these areas, or that perhaps new requirements are needed. Commentary a) We believe it is a misconception that auditors do not actively challenge management or concern themselves with substance over form. Professional scepticism and judgment are pervasive, both in practice and in auditing standards. b) We acknowledge that improvement is always possible, but we do not think further rule writing is the answer. The risk model in the ISAs is based on the fundamental premise that the auditor does not accept management s representations, but seeks evidence to support or refute (i.e., challenge) them. Independence structures, internal quality control reviews of the audit work and financial statements, and 10 ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements 12

15 audit committee relationships also motivate auditors to such challenges, not to mention the legal liability risk. c) Good examples of standards that require both professional scepticism and challenge of management can be found in ISAs 240 and 250; fraud and illegal acts are two areas where scepticism is particularly important. d) The issue of substance over form, which is primarily an accounting issue covered in IAS 1 in the IFRSs is adequately dealt with in ISA 700 that requires the auditor to evaluate whether financial statements achieve fair presentation. This evaluation shall include consideration of the qualitative aspects of the entity's accounting practices, including indicators of possible bias in management's judgments. e) We believe the ISAs are more than adequate in this area in terms of standardsetting. Nevertheless, more research may be appropriate to discover how effectively the concept of substance over form is applied in practice. Recommendation We recommend that the EC recognize that professional scepticism, professional judgment and substance over form are effectively addressed in the ISAs. We recommend that no new rules are needed at this time on these topics but if any measures are considered they should be fully researched for their practicality and international consistency. F. Small and medium sized entities (SMEs) 1. The Paper questions whether the ISAs should be further adapted to meet the needs of SMEs. Commentary a) As the ISAs were developed, extensive input was obtained from SMEs and their auditors, who were represented on the IAASB. In particular, the Small and Medium Practices Committee of IFAC provides direct input from an SMP/SME perspective into the work of international standard setters to shape their work agenda and ensuring standards produced are applicable to SMEs and SMPs 11. Fifteen of the ISAs include specific consideration for the audit of SMEs. Accordingly, we do not believe changes are warranted at this time. b) If further guidance is needed, it can be provided and in some jurisdictions there is guidance 12. Note that even Big Four firms audit many SMEs; it is not only a small audit firm issue. It would be inefficient for large firms to have to cope with two different audit standards. c) The ISAs were developed on the basis that an audit is an audit. That is, just because an entity is small does not mean that the audit of its financial statements should be any lower in quality than that for a large entity. The standards are developed on the basis that the nature, timing and extent of procedures, including for example, the nature and extent of focus on control risk, can be changed to meet the particular circumstances of the entity. High quality audits of small entities can 11 Handbook of International Quality Control, Auditing, Review, Other Assurance and Related Services Pronouncements 2010 Edition, Part 1 International Federation of accountants (page 4, Other Initiatives). 12 For example, the Research Study Audit of a Small Entity (Canadian Institute of Chartered Accountants) 13

16 be performed in accordance with the ISAs at much less cost than those of large complex entities. d) The Paper addresses the issue of whether there should be a two tiered system whereby audits of smaller entities would be less rigorous than other audits. A number of questions arise if this approach were taken: What would be the justification for such an approach and what aspects of audit quality should be reduced for audits of SMEs? How would the tiers be determined? A size test? Public vs. non public entity? Would a two tiered system create further barriers to SMPs undertaking audits of public companies (i.e., would their experience and training make them focus entirely on the lower tier audits?) Would it exacerbate any confusion among users about the object of an audit? e) In most jurisdictions, all public companies must have an audit. Many jurisdictions have large numbers of small public companies. For example, in Canada there are many small mining companies in the exploration stage that are dependent on capital raised on equities markets. In many cases, the only items on the balance sheet are exploration and development costs and share capital, which are straightforward to audit. Thus, many of the specific standards are simply not applicable. Existing auditing standards have been found to be scalable to audits of this kind of company and there is no reason to believe the new ISAs will be any different. f) Non public entities in North America, including some very large entities, may forego the benefits of an audit and opt instead for an enquiry based review. Review standards have been widely used and found to be effective. g) The Paper uses the terms limited audit, statutory review and limited review and it is not clear whether these are three different types of engagement and if so, what are the differences among them. It is also not clear how they relate to existing standards developed by the IAASB and those being revised, including the International Standards on Review Engagements (ISREs). Recommendation We recommend that the EC maintain one standard of audit for all entities as reflected in the ISAs. We also recommend that, for entities that do not have an audit but need assurance from a professional accountant on the financial statements, the EC support the efforts of the IAASB in developing a robust set of review engagement standards. We also recommend that the EC accept that the ISAs adequately deal with the particular aspects of auditing SMEs. G. Quality Control Standards for Small and Medium Sized Audit Practices (SMPs) 1. The Paper questions whether quality control standards should be modified to apply to small and medium sized audit practices. Commentary a) In this commentary, we assume that the term SMP does not refer to second tier firms with hundreds of partners, albeit much smaller than the Big Four. These second tier firms could realistically be expected to have the resources to compete for audits of multi national and large local companies. Some jurisdictions have many 14

17 firms with less than ten partners, and some with only one or two, that audit public companies. Canada is one example where clients of very small firms are development stage resource companies, some of which have operations in other countries. Although we are not aware of any academic research on this subject, anecdotal evidence suggests that these firms are finding appropriate ways to apply the IAASB s Quality Control Standards 13. For example, independence rules concerning financial interests that involve large and complex international infrastructures to manage in large firms can be handled very simply in a small single office firm where everyone can easily know what everyone else is doing. While some tweaking may be appropriate, we believe quality control is just as important for these firms as for larger firms. b) If a lower standard were to apply, which standards would be eliminated or reduced? c) How would the tiering re quality control be determined? Could SMPs with no public clients be subject to fewer controls? If so, would that then impair their ability to subsequently take on public clients? Recommendation We recommend that one standard of quality control requirements should apply to all practices, large and small. Experience indicates that the existing International Standard on Quality Control (ISQC) No. 1 is sufficiently adaptable that it can be applied effectively to even the smallest firms. To establish a lower standard of quality control would send an inappropriate message about how small audit firms conduct their practice. H. Possible expanded roles for the auditor 1. The Paper suggests possible expanded roles for the auditor, such as reporting on risks, financial health, certain forward looking information and details of how the audit was performed. General commentary a) The Paper correctly observes that these extensions should take place only if there is real value added for stakeholders. This should be the focus of research into the desirability of expansion. b) IAASB has issued International Statement on Assurance Engagements (ISAE) It sets out standards for all engagements that would be part of any expanded role, other than any for which specific standards already exist or will be issued. Among other matters, this ISAE discusses the need to consider the suitability of the subject matter and the criteria against which the auditor would report. c) For auditors to be able to report on matters other than the conformity of the financial statements to an appropriate financial reporting framework, there must be suitable criteria against which to report compliance, and the criteria must be accepted by management and the users of the report. In some cases, for example interim financial statements and internal control, criteria may exist; for others such as financial health this is not the case. 13 International Quality Control Standards ISQC No. 1 Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and other Assurance and Related Service Engagements. 14 ISAE 3000 Assurance Engagements Other Than Audits or Reviews of Historical Financial Information 15

18 d) To provide meaningful assurance, the auditor will in most cases require expertise beyond that necessary to audit historical financial statements. In some cases, the expertise will be far removed from an auditor s experience and he or she will need to obtain at least sufficient expertise to reasonably assess the work of an expert in the field. 15 The cost vs. benefit implications of this need to be carefully considered. e) Significant issues arise from any such expansion, including impact on auditor independence and blurring the roles of management and auditors. More detailed reports are currently given to audit committees, but even these do not give direct opinions on such additional matters. f) These expanded roles could adversely affect the timeliness of financial reporting if they were conducted in conjunction with the audit of the financial statements. Commentary on possible expanded roles identified in the Paper g) Reporting on interim financial statements. There is considerable international practice in this area, particularly for SEC registrants, albeit in the form of a review, rather than an audit. There is research available on the costs and benefits of this approach, but perhaps more is needed. Note that the EC s Governance Green Paper identifies concerns that shareholders short term focus may be a problem and auditor reporting on interim information could exacerbate that. If the benefits are considered sufficiently important, this is an area where expertise and criteria are present and standards are in place. h) Reporting on sustainability issues (e.g., how companies integrate social and environmental concerns into their business operations and interaction with their stakeholders). (Pages 8 9). Reporting on sustainability is an increasingly common field for auditors and standard setting bodies such as the IAASB are considering it. In this case, an audit is possible because criteria have been developed by internationally recognized bodies such as the Global Reporting Initiative (GRI) and AccountAbility, although no single set of criteria has yet become generally accepted. The EC should also consider the role of the International Integrated Reporting Committee, which aims to create a globally accepted framework for accounting for sustainability. To audit in this area, auditors need to use specialist expertise. Auditors have some experience in this area because in many audits they are required to consider issues such as provisions for environmental liabilities and cost of asset retirement obligations in the entity s financial statements. Larger firms now employ their own specialists; smaller firms may need to hire the expertise on an engagement by engagement basis. If the EC pursues this, it will be important to develop requirements that accord internationally, i.e., with ISAE i) Reporting on internal control over financial reporting. Auditors reports on internal control over financial reporting are required for some entities by the SEC and there has now been significant experience with this service wherever the SEC s jurisdiction extends. There is research available on the costs and benefits, but no consensus except that the costs are high. The EC should study the outcomes of experience to date before deciding to require such reporting and, if so, to which entities. There is a misconception by some that an auditors report without reservation on the financial statements means the audited entity has effective internal control over financial reporting. This has never been the case, and the form of auditors report in 15 See ISA 620 Using the Work of an Auditor s Expert. 16

19 the new ISA 700 specifically so states. In considering whether to require reporting by auditors on internal control over financial reporting the EC should investigate why jurisdictions other than the US have to date been unwilling to adopt this practice. j) Reporting on financial health (page 3). Apart from the reporting issues related to going concern, there is no practice in this area and the EC should proceed with great caution before considering it. The most important problem is lack of agreed upon criteria and auditor expertise. k) Reporting on the audited entity s exposure to future risks or events, the potential risks to intellectual property, sectoral and commodity and exchange risk, and the extent to which intangible assets would be adversely affected (pages 7, 8 and 9). Information on these risks is included in annual and in some cases quarterly reports of public entities (MD&A). It is management s responsibility to report on such matters and for auditors to report would mean going well beyond their expertise. Although they deal with this kind of issue as part of an audit (for example, when auditing asset retirement obligations), to report on them publicly raises many complex issues of user understanding and confusion of the roles of management and the auditor. ISA 720 requires that the auditor read and consider certain information disclosed by management; we believe any expansion of this to direct public reporting blurs the distinction between management and auditor responsibilities. Also, an auditor reporting publicly on any future oriented financial information may create a conflict of interest when the auditor subsequently audits the financial statements containing the actual results for the period covered by the future oriented financial information. Recommendation Where there is already practice, such as reports on internal control over financial reporting and interim financial statements and on various aspects of sustainability, we recommend the EC consider standards already in place or under development, and the experiences of other jurisdictions that have already implemented such standards. For proposed new roles, we urge the EC to proceed with caution, being alert to independence and conflict of interest issues and taking care not to create further misunderstandings, for example by blurring the respective roles of management and the auditor; extending roles beyond the expertise of auditors; or requiring reporting when there are no well established criteria. I. Governance and Independence of Audit Firms 1. The Paper questions whether auditor independence might be improved by measures such as appointment of auditors by a regulator, mandatory rotation of firms and further restrictions on non audit services. A key issue is whether such measures would, in fact, improve auditor independence and, more importantly, audit quality. Commentary a) Matters related to independence, including rotation of firms, concerns about companies appointing and paying the fees of auditors and the effect on independence of performing other services have been considered in the past by academics and by standard setters and regulators (national and international) in setting rules of professional conduct for public accountants. For example, the IESBA Code is accepted internationally as a basis for establishing requirements in these 17