The term 'in-house audit' is not defined in the Code. However, it is used to commonly refer to a situation where the audit of an SMSF is conducted by an auditor who works for a firm or network firm that provides non-assurance services to the SMSF trustee(s). This can be, for example, accounting, compliance and administration services.
Some firms may consider they can perform both audit and non-assurance services as long as they have practices in place to separate those functions or activities. This is commonly referred to as ethical or Chinese walls. For example, they may have separate teams or divisions in the firm reporting to different partners.
Some non-assurance services can be provided to an SMSF audit client in-house (for example, routine tax return preparation). However, in many cases providing such services will give rise to independence threats (including self-interest, self-review and intimidation threats). These threats will need to be evaluated and addressed.
In-house audits will only be permitted in limited circumstances. Auditors must comply with the following requirements when providing non-assurance services:
- A firm or network firm shall not assume a management responsibility for an SMSF audit client. If a firm or network firm assumes any management responsibility for an SMSF audit client, they cannot audit the fund under any circumstances.
To avoid assuming such responsibility the firm must be satisfied, when providing any non-assurance service to the SMSF audit client, that the trustee(s) make all judgments and decisions that are the proper responsibility of management.
- If a firm or network firm has not assumed management responsibility for an SMSF audit client but provides accounting or bookkeeping services to that client, including preparing the fund’s financial statements on which the firm will express an opinion (or financial information that forms the basis of such statements), they cannot audit the fund unless both of the following apply:
- the services are ‘routine or mechanical’
- the firm addresses any independence threats created by providing the service that are not at an acceptable level. It must either eliminate the circumstances creating the threats or apply appropriate safeguards to reduce the threats to an acceptable level.
Where a firm cannot satisfy the above requirements, they will need to decline or remove themselves from the audit or non-assurance services engagement.
Management responsibility prohibition
The requirement that a firm cannot assume a management responsibility for an SMSF audit client is an absolute prohibition that applies to all non-assurance services.
If a firm assumes any management responsibility for an SMSF audit client, they cannot audit the SMSF under any circumstances. This is the case:
- even if the non-assurance services are bookkeeping or accounting services, and both
- the services are ‘routine or mechanical’
- independence threats are addressed by way of an appropriate safeguard
- regardless of how simple the fund’s investments are and whether data feeds are used to help automate aspects of the services.
Because the management responsibility requirement operates as an absolute prohibition, there is no need to consider the other independence requirements of the Code (such as the 'routine or mechanical test') if this requirement hasn't been complied with.
Management responsibilities
In general terms, management responsibilities involve controlling, leading and directing an entity, including making decisions on its behalf, such as setting strategic direction. They are typically activities that require a decision to be made or judgment to be exercised by the persons responsible for managing the entity.
In the SMSF context, management responsibilities are activities, decisions and judgments that the trustee(s) are ultimately responsible for in their role in managing the fund. They include:
- setting policies and strategic direction
- authorising transactions
- controlling or managing bank accounts or investments
- deciding which recommendations of the firm to carry out or advice to act on
- taking responsibility for the preparation and fair presentation of the financial statements
- ensuring compliance with the SISA and SISR
Management responsibilities cover all decisions and judgments made on behalf of the fund to ensure the trustee(s) comply with their obligations under the super and tax laws, including those made when:
- setting up the fund – for example, decisions about
- structuring the fund
- preparing the fund’s trust deed and organising how to execute it
- developing and maintaining the fund’s investment strategy
- making and managing fund investments – for example, decisions about
- structuring investments to comply with the investment restrictions
- borrowing rules
- sole purpose test
- non-arm’s length income rules
- accepting contributions and paying benefits – for example, decisions about
- maximising the contributions caps
- when to commence a pension and ensuring pension and transfer balance cap requirements are met
- how best to structure the payment of benefits
- preparing the fund’s accounts and financial statements – for example, decisions made
- when setting up and maintaining data feeds to capture income from investments
- coding fund transactions
- reporting fund assets at market value
- allocating income to member accounts
- calculating tax payable by the fund.
To comply with the independence requirements, firms conducting the audit of an SMSF need to make sure they do not directly or indirectly assume any management responsibilities for an SMSF audit client when providing non-assurance services to that client.
Providing non-assurance services to an SMSF audit client creates self-review and self-interest threats if the firm or network firm assumes a management responsibility when performing the services. Assuming a management responsibility also creates a familiarity threat and might create an advocacy threat. No safeguards are available or capable of being applied to reduce these types of threats to an acceptable level.
Whether a particular activity or decision is a management responsibility is a question of professional judgment that will ultimately depend on the circumstances.
Firms may find it difficult to demonstrate they comply with the management responsibility requirement in practice. This is because many trustees rely on tax professionals, such as accountants and administrators, to assist them manage their fund and make certain judgments and decisions for them. Trustees cannot simply approve everything after the fact.
Any assistance provided to an SMSF audit client may be a relevant consideration when determining whether the requirement has been met, and whether the trustee has taken responsibility for the decisions made.
Use of data feeds to help automate preparation of financial statements
Where firms use data feeds to help automate aspects of accounting services, such as the preparation of financial statements, they will assume management responsibility if they have made any decisions and judgments in relation to the set-up and maintenance of data feeds that remain the responsibility of the trustee(s).
For example, they may:
- select the accounting software for the data feeds and set it up for the trustee(s)
- establish the general ledger and decide how the transactions to be captured by the data feeds are to be coded and classified
- check the data from the feeds used in the financial statements and tax calculations to ensure it is correct
- confirm that all transactions recorded from the feeds have been accurately reflected in the fund's accounts – for example, where contributions and earnings are automatically allocated to a member's account
- monitor the data feeds to ensure they are operating correctly
- be accountable for any mistakes in preparing the statements from the data feeds.
Whether a particular decision or judgment involved in setting up and maintaining data feeds is a management responsibility will ultimately depend on the circumstances. However, given the types of decisions and judgments typically involved (highlighted above), firms may find it difficult to substantiate that they comply with this requirement.
If a firm has assumed a management responsibility for the fund, they do not need to consider whether the 'routine or mechanical' test has been met as the firm is already prohibited from providing the service to the fund.
Other decisions and judgments a firm makes in relation to the preparation of financial statements that are not automated through data feeds will still amount to assuming a management responsibility if they remain the proper responsibility of the trustee(s). For example, it is more likely that the firm is assuming management responsibility for the fund in providing these services where a firm prepares the general ledger, trial balance and financial statements independent of the trustee(s), based on transactions the firm has coded from the fund’s source documents.
Providing advice and recommendations
If a firm provides advice and recommendations to assist the trustee(s) comply with their responsibilities as part of providing a non-assurance service, this is not considered assuming a management responsibility. This is provided the trustee(s):
- understand the advice and recommendations
- have assessed and evaluated them and decided what action to take
- have suitable skills, knowledge and experience to make any judgments and decisions in connection with the services.
Evidence to support compliance with the management responsibility prohibition
To avoid assuming a management responsibility, the firm must be satisfied that the trustee(s) make, and are capable of making, all judgments and decisions that are the proper responsibility of ‘management’ in connection with the non-assurance services. In the SMSF context, 'management' refers to the fund trustee(s).
This includes ensuring that the trustee(s):
- have suitable skills, knowledge and experience to remain responsible at all times for decisions relating to the fund
- understand the objectives, nature and results of the services
- understand their responsibilities and those of the firm in connection with the services
- oversee the services provided by the firm and evaluate whether they are adequate
- accept responsibility for the actions, if any, that flow from the results of the services.
If a firm or network firm provides non-assurance services to an SMSF audit client, such as the preparation of financial statements, the auditor will need to demonstrate they have complied with the independence requirements. This means the auditor will need to form an opinion that the firm did not assume any management responsibilities for the SMSF audit client and document this in the audit file.
We expect the auditor to document what they relied on in forming this opinion. For example, we expect the auditor to have checked with the relevant member of the firm who provided the non-assurance services whether any management responsibilities were assumed for the SMSF.
Where the firm has prepared the financial statements for the SMSF, the auditor also needs to document how they formed the opinion that the trustees took on the responsibility for the preparation and fair presentation of the statements as opposed to the firm. This includes documenting the basis on which they formed the opinion that the trustees had the relevant skills, knowledge and experience to do so.
Where the SMSF trustee(s) provide the firm with a trial balance, transactions they have coded or preapproved entries for the preparation of the trial balance or financial statements, this constitutes evidence that the trustees have taken on responsibility for the preparation and presentation of the financial statements. The firm can use this evidence to demonstrate that they did not assume a management responsibility. In certain instances, such evidence may also be used to substantiate that the service is 'routine or mechanical'. The auditor should keep this evidence on the audit file to substantiate compliance with the standards.
It is not sufficient evidence to provide only a representation letter or declaration signed by the trustees stating that they have made all judgments and decisions that are the proper responsibility of management, including in relation to the preparation of the fund’s financial statements.
Copies of signed financial statements are also not enough to substantiate compliance with the management responsibility prohibition.
When monitoring compliance with this requirement, we will be checking that the auditor's opinion has been appropriately formed by asking firms to confirm whether they have assumed any management responsibilities for the SMSF in providing the non-assurance services. If they claim they haven’t, we will request evidence that the trustee(s) have:
- remained responsible at all times
- made all relevant decisions and judgments in managing the fund
- the skills, knowledge and experience required for the above.
We will also contact the trustee(s) directly to verify that the firm or network firm has complied with the ‘management responsibility’ prohibition.
Routine or mechanical test
A firm or a network firm is prohibited from providing accounting or bookkeeping services to an SMSF audit client unless:
- the services are 'routine or mechanical', and
- the firm addresses any independence threats created by providing the service that are not at an acceptable level – for example, by applying an appropriate safeguard.
A firm will only need to consider whether the 'routine or mechanical' test has been met if they have not assumed any management responsibility for an SMSF audit client (including taking responsibility for the preparation and presentation of the financial statements).
Accounting and bookkeeping services include the:
- preparation of financial statements and accounting records
- recording of transactions
- payroll services.
For accounting and bookkeeping services to be ‘routine or mechanical’, the services must involve little or no professional judgment by the firm. The Code includes some examples that are particularly relevant to the preparation of financial statements.
Firms may find it hard to substantiate that the ‘routine or mechanical’ test has been met, even with appropriate safeguards in place. This is because of the degree of professional judgment they exercise in carrying out the services.
Preparation of financial statements and pre-approval of accounting transactions and entries by trustees
The following services involved in preparing the fund's financial statements are considered ‘routine or mechanical’:
- posting transactions coded by the trustee(s) to the general ledger
- posting journal entries approved by the trustee(s) to the trial balance
- preparing financial statements based on a trustee approved trial balance
- preparing related notes based on records approved by the trustee(s).
The extent of the firm's involvement in the preparation of the fund's financial statements and the level of professional judgment required will be key in determining whether the services are 'routine or mechanical'. For example:
- If the trustee(s) code the transactions and pre-approve the accounting entries and trial balance, which the firm uses to prepare pro-forma financial statements, the services are more likely to be 'routine or mechanical'. This is because the firm only needs to exercise limited judgment in preparing the statements. In doing so, the trustee(s) are also showing they are taking responsibility for the preparation and fair presentation of the financial statements, which is a management responsibility.
- If the firm prepares the general ledger, trial balance and financial statements independent of the trustee(s) based on transactions the firm has coded from the fund’s source documents, the services will not be ‘routine or mechanical’ as they require the firm to exercise significant professional judgment. It is also more likely that the firm is assuming management responsibility for the trustee(s).
While it will ultimately depend on the facts of the case, we consider that firms will find the 'routine or mechanical' test difficult to substantiate in practice. This is due to the level of professional judgment ordinarily involved in carrying out services relating to the preparation of financial statements for SMSFs.
We expect to see evidence on the audit file that any services provided as part of preparing the fund's financial statement are 'routine or mechanical'. This evidence could consist of trustee coded transactions and approved trustee entries in the trial balance that the firm then uses to prepare proforma financial statements.
Use of data feeds to help automate preparation of financial statements
Automating aspects of accounting services using data feeds, such as in the preparation of financial statements, is not of itself sufficient to make the services ‘routine or mechanical’.
Firms who use data feeds to automate the preparation of an SMSF’s financial statements still need to consider the degree of professional judgment exercised by the firm in carrying out those services.
When establishing and maintaining data feeds, firms typically make decisions requiring the exercise of professional judgment. Where this is the case, the preparation of financial statements based on those data feeds will not be ‘routine or mechanical’.
Examples of these decisions and judgments are discussed in Management responsibilities – Use of data feeds to help automate preparation of financial statements.
Whether the preparation of financial statements using data feeds is ‘routine or mechanical’ will ultimately depend on the circumstances.
However, firms may find it difficult to substantiate compliance with the ‘routine or mechanical’ test in practice. This is due to the type of decisions and judgments the firm makes in relation to the set-up and maintenance of data feeds.
As such decisions and judgments will generally amount to assuming a management responsibility, there may not be a need for firms to consider the 'routine or mechanical' test when preparing the SMSF's financial statements.
Complexity of fund investments
The complexity of the fund’s investments (including the type and mix of assets) is not of itself determinative when working out whether bookkeeping or accounting services are ‘routine or mechanical’. The critical consideration is the degree of professional judgment involved in providing the service. ‘Routine or mechanical’ services require little or no professional judgment by the firm.
Even where a fund has simple investments (for example, term deposits, ASX listed shares and fixed interest) firms may still exercise professional judgment in carrying out the service by:
- coding transactions and posting them to the general ledger
- preparing the general ledger from source documents
- preparing journal entries and posting them to the trial balance
- selecting accounting software
- establishing and maintaining data feeds
- managing the fund's investments and compliance with the super laws.
Undertaking such activities are not ‘routine or mechanical’ services. In many cases, they may also involve the firm assuming a management responsibility for the trustee(s).
The more complex a fund’s investments are, the more likely it is that the firm will need to exercise a degree of professional judgment in carrying out the services. That will mean the services are not ‘routine or mechanical’.
Example 2 in Chapter 8 of the Independence Guide (PDF, 1.56MB)This link will download a file demonstrates how the complexity of fund investments affects the level of professional judgment required in preparing the fund's accounts.
Applying appropriate safeguards
Even where a firm is able to show that they do not assume any management responsibility for an SMSF audit client and any accounting or bookkeeping services provided to the trustees are 'routine or mechanical', they must still address any independence threats that are not at an acceptable level. They must either:
- eliminate the circumstances, including interests or relationships, creating the threats
- apply appropriate safeguards, where available and capable of being applied, to reduce the threats to an acceptable level.
Safeguards are actions, individually or in combination, that a firm takes to effectively reduce the threats to independence to an acceptable level.
Whether an appropriate safeguard is available and capable of being applied will depend on the circumstances. However, appropriate safeguards may consist of either:
- using professionals who are not audit team members to perform the service
- having an appropriate reviewer who was not involved in providing the service review the audit work or service performed.
The Glossary of the Code describes what is meant by the term 'appropriate reviewer' as it is used in the Code.
A sole practitioner (and their employees) cannot audit an SMSF if they have provided accounting or book-keeping services to the trustee(s). This is the case even if the services are ‘routine or mechanical’, as the situation gives rise to a self-review threat that is not at an acceptable level. The circumstances creating the threat cannot be eliminated, and no appropriate safeguards can be put in place to reduce the threat to an acceptable level.
Appropriate reviewer requirements
The term ‘appropriate reviewer’ is described in the Code as meaning: a professional with the necessary knowledge, skills, experience and authority to review, in an objective manner, the relevant work performed or service provided.
An appropriate reviewer may also be impacted by the same threats as the auditor. For example, another SMSF auditor working at the same firm who is considering acting as an appropriate reviewer:
- may also benefit from the fees generated by the large referral source
- is likely to experience the same self-interest and intimidation threats.
These threats might affect the internal reviewer’s ability to perform reviews in an objective manner. Accordingly, the appropriate action may be to engage another SMSF auditor external to the firm to conduct the review of the audits.
Appropriate reviewers need to use their professional judgment when determining whether they can undertake reviews in an objective manner.
Professional judgment is also required to determine the nature and extent of procedures to be performed by the appropriate reviewer, to reduce the independence threats to an acceptable level. On the audit file we would expect to see the appropriate reviewer's documented notes that explain the:
- steps taken to complete the review, and
- outcome of the review, including whether the appropriate reviewer concluded the auditor’s reports were appropriate in the circumstances.
A sampling approach by the appropriate reviewer might be suitable in situations where independence threats arise from the auditor receiving a large proportion of their fees from the one referral source. In this case, in addition to the above, we would also expect to see the appropriate reviewer's documented notes on the audit file that explain:
- why sampling is an effective approach to the review, and
- what sampling methodology was applied.
If a sampling approach is adopted, we would expect a risk-based selection of the sample of funds for review. It should be representative of all the SMSF audits, ranging from simple to complex funds. However, we would also expect the sample to include a significant proportion of the more complex funds where the auditor exercised a higher level of professional judgment when conducting the audit.
Issues for firms when restructuring
Firms who currently provide non-assurance services to an SMSF audit client will need to self-assess whether they currently meet the independence requirements. If a firm needs to restructure their arrangements to comply with the new independence requirements, they need to be careful they do not create other independence issues.
For example, the firm needs to ensure they do not enter into arrangements with other firms that gives rise to independence threats that can inappropriately influence an auditor’s judgment or behaviour, such as certain reciprocal auditing arrangements.
If a scenario gives rise to multiple threats to independence which may not be significant when considered individually, the Code still requires firms to evaluate the combined effect of threats and address the threats where necessary.
Firms should apply the litmus test when assessing independence. They should ask themselves if they would have any hesitation in writing up an adverse finding or in qualifying an audit report. If there's any hesitation, it may be an indication that independence is impaired and the auditor should consider declining the audit engagement.
Reciprocal auditing arrangements and referral source issues
Reciprocal auditing arrangements pose a major risk to auditor independence and are of particular concern to us.
One type of reciprocal arrangement occurs where 2 auditors with their own SMSFs agree to audit each other’s funds.
The threats to independence that arise in this situation are similar to the scenario of a two-partner practice, in which one partner is asked to audit an SMSF where the other partner is a trustee. No safeguards can reduce the threats to an acceptable level. The auditors will need to decline or end the audit engagement.
Another reciprocal arrangement of concern occurs where 2 professional accountants who are also approved SMSF auditors:
- prepare the accounts for a number of SMSFs and
- enter into an arrangement to audit the SMSFs of each other’s clients.
This type of arrangement may give rise to the following independence threats that will need to be evaluated on a case-by-case basis and addressed if not at an acceptable level:
- self-interest threat – may arise if the auditor is reliant or dependent on one referral source for all or a large proportion of their fees as this may inappropriately influence their judgment or behaviour
- intimidation threat – may arise if the auditor is deterred from acting objectively because of actual or perceived pressures from the referral source
- familiarity threat – may arise due to the close relationship between the auditors where each auditor may be sympathetic to the other's interests or too accepting of each other's work.
If the total fees generated from one or more audit clients, including SMSF audit clients, referred from one source represent a large proportion of the total fees of the firm expressing the audit opinions, self-interest and intimidation threats will arise. This is due to the dependence on the referral source and concerns about losing those clients. The firm will need to evaluate the significance of the threats and consider what safeguards may need to be applied to eliminate the threats or reduce them to an acceptable level.
Factors relevant in evaluating the significance of threats include:
- the operating structure and services offered by the firm
- whether the firm is well established or new
- the significance of the client or referral source to the firm, both qualitatively and quantitatively.
For example, if a firm generates most of its income from providing non-assurance services, then the independence threat(s) arising from that firm having one referral source for SMSF auditing income will be less significant, compared to a firm with one referral source that derives all or most of its income from auditing SMSFs.
Independence threats may also be less significant in a new firm that is growing its client base and may have only a few referral sources for SMSF audit clients compared to a well-established firm with the same amount of referral sources. While the Code does not explain what is meant by a 'new' firm, we would generally consider a firm that has been in operation for less than 2 years to meet this definition.
The Code does not specify a number of referral sources, or set percentage of fees from one or more referral sources, required to reduce independence threats to an acceptable level. Nor does it explain what constitutes a 'large proportion' of a firm's total fees. However, for well-established firms that generate most of their income from providing SMSF auditing services, as a guide, if the total fees generated from one referral source are less than 20% of the firm's total fees, we would not consider this in itself to create independence threats. Other factors may still be relevant in evaluating the level of any threats to independence.
If the total fees generated from one referral source are greater than 20% of the firm's total fees, depending on the circumstances, the independence threats may be significant enough to warrant the firm implementing appropriate safeguards to reduce those threats to an acceptable level.
This is ultimately a question of professional judgment for the auditor or firm to determine on a case-by case basis, having regard to the particular facts. In some cases, a lower or greater threshold may be appropriate, when taking into account all relevant factors. This includes considering the percentage of fees generated from one referral source over a reasonable timeframe of at least a few years rather than a point in time, to recognise that changing or developing the firm’s client base and structure takes time.
Self-interest or intimidation threats will also arise if the fees generated from an SMSF audit client represent a large proportion of the revenue of one partner or office. Factors relevant to evaluating such threats include the significance of the client to the partner or office (both quantitatively and qualitatively) and the extent to which compensation of the partner is dependent on the fees generated from the client.
When applying the fee related provisions of the Code, and the above guidance, firms need to:
- determine the total fees from all ‘audit clients’ (as defined in the Code) from one referral source, not just SMSF audit clients, when identifying and evaluating any threats
- consider the firm’s ownership structure and any related entities (refer to the definition of 'firm' in the Code which includes an entity that controls or an entity that is controlled, through ownership, management or other means) when determining the ‘total fees’ of the firm.
Appropriate safeguards that can be applied to reduce independence threats to an acceptable level include:
- increasing the firm's referral base to reduce dependency on the referral source(s)
- having an appropriate reviewer who did not take part in the audit engagement review the work.
When using an 'appropriate reviewer' as a safeguard to reduce independence threats arising from a large referral source to an acceptable level, we accept that a sampling approach may be suitable when selecting the funds to be reviewed. For more information about sampling selection, auditors should refer to our guidance on Appropriate reviewer requirements.
Additional independence threats may also arise where either the:
- referral source is a former employee of the auditor
- auditor also receives referrals for non-audit work from the same referral source.
Approved SMSF auditors who continue to engage in reciprocal auditing arrangements (other than those involving 2 auditors auditing each other's SMSF, which are not permitted) will be subject to increased scrutiny. Referral to ASIC may result if we consider auditors have failed to meet the independence requirements.
Audit pooling arrangements and network firms
Audit pooling arrangements involve a group of firms entering into an arrangement to audit each other’s SMSF clients.
We understand that firms may be considering these arrangements to try and mitigate revenue loss when restructuring, while still satisfying the requirements of the Code.
However, depending on how they are structured, the arrangements may give rise to self-interest, familiarity and intimidation threats to independence. These threats will need to be evaluated and addressed if they are not at an acceptable level.
Because of the way audit pooling arrangements can be structured, and the nature of the relationship between the firms:
- the arrangements may involve in substance the creation of networks of firms, which could result in further independence issues
- the arrangements may result in the reciprocal auditing of SMSF clients
- the safeguard of spreading out client referrals to a number of SMSF auditors, which may be applied in other reciprocal auditing arrangements, may not be sufficient or appropriate to reduce threats to an acceptable level
- there is a risk that restructuring such arrangements (for example, where a firm withdraws from the audit pool) will give rise to additional independence issues.
For example, where the audit pool is structured so that some firms end up engaging in reciprocal auditing arrangements, firms will need to identify, evaluate and address the same types of independence threats that arise in those arrangements. This means they will need to consider, amongst other things, the fees generated from each referral source within the pool.
Even where the arrangement does not involve reciprocal auditing, firms within the pool still need to avoid creating a network of firms within the meaning of the Code as the independence requirements will still apply. For example, a network will be created if there is a structure aimed at cooperation that shares a common business strategy. This could occur, for example, in either or both of the following situations:
- where the firms in the pool have an entity overseeing the arrangement, and allocate audits amongst participants
- there are agreements in place, the terms of which provide that the firms agree to exclusively audit each other's clients on an ongoing basis.
Part 4A of the Code and Chapter 6 of the Independence Guide (PDF, 1.56KB)This link will download a file provide additional guidance on network firms, including when a network firm is created by a larger structure of firms.
If firms enter into an arrangement for the purpose of trying to determine whether another firm is (or other firms are) suitable to audit their SMSF clients, and participation is not conditional on the firm accepting ongoing referral work from other firms, the arrangement may not involve the creation of a 'network' within the meaning of the Code. However, firms should still consider whether any independence threats arise in the circumstances that need to be evaluated and addressed.
Some audit pooling arrangements may give rise to partnerships or joint ventures if there is an agreement between the firms in the pool to share revenue, profits and/or expenses in relation to the arrangement. If this is the case, there may also be taxation consequences to consider.
Whether a firm engaged in an audit pooling arrangement complies with the independence requirements will ultimately depend on the facts and circumstances.
However, we encourage firms to take care when entering into these arrangements as they are ultimately responsible for ensuring they comply with the requirements. This is the case even where the arrangement is structured through a third party provider.
These arrangements will be subject to extra scrutiny by us because of the potential threats involved in structuring a group of firms, and the risk of non-compliance.
Outsourcing type arrangements
Providing audit services to a client of previous firm
After an auditor leaves a firm, they are sometimes asked to undertake the audit work for that firm's SMSF clients. Some firms may regard this as outsourcing the audit work for their SMSF clients to a third party, therefore relieving themselves of any threats to independence.
However, auditors who look to take on clients of a previous firm that they used to provide non-assurance services to (such as accounting or advice services) whilst they were a partner, employee or consultant of that firm still need to be aware of potential self-review and familiarity threats that may arise in taking on those clients. This is the case even though the auditor is no longer associated with the firm. These threats might prevent the auditor from appropriately evaluating the results of previous judgments made, or advice provided to clients of the firm when the auditor worked for the firm.
Auditors could look to eliminate these threats by having another auditor in the new firm undertake the audits of previous clients. Where there are no other auditors available, an appropriate reviewer who was not involved in the audit work could review the work. If the time period from when an auditor was a partner of the firm exceeds 2 years, it will generally not create threats to independence. However, this is dependent on the particular facts and circumstances of the situation and the auditor must exercise professional judgment and apply the reasonable and informed third party test to determine if any threats to independence exist.
If the auditor is a member of a newly established firm, the new firm also needs to ensure its structure does not cause it to be considered a network firm (for example, because of common ownership or control between the firms).
Engaging specialist SMSF firms to prepare financial statements and conduct audits
We are aware that firms may be considering outsourcing accounting or bookkeeping services to another firm (whether located in Australia or offshore) as part of restructuring their arrangements to comply with the independence requirements.
For example, an 'outsourcing' accountant may engage a specialist SMSF firm to prepare the financial statements for a fund, but the accountant oversees the accounting services and takes responsibility for them. The specialist firm may:
- also conduct the fund's audit, or
- be a separate firm to the firm conducting the audit (the audit firm) but form part of a 'network' with the audit firm within the meaning of the Code (for example, because the firms are aimed at cooperation and have a common ownership structure).
If the specialist firm conducts the fund's audit, or the audit firm is a 'network firm' of the specialist firm, the specialist firm and/or the audit firm still need to comply with the independence requirements of the Code.
The fact that the accounting services may be provided by the specialist firm to the outsourcing accountant and not directly to the trustees under the arrangement does not change this. We consider that the services are still being provided to the SMSF audit client.
The scenario gives rise to independence threats as the accounting services are being performed by the same firm as the one auditing the fund, or by a network firm of the audit firm, in the same way as other firms that conduct audits and provide these services in-house.
The specialist firm cannot assume any management responsibility for the trustee(s) in carrying out the services.
The firm can also only prepare the financial statements for an SMSF audit client if:
- the services are considered ‘routine or mechanical’
- the firm addresses any independence threats created by providing that service that are not at an acceptable level, by eliminating the circumstances creating the threats or applying appropriate safeguards.
It may be difficult for the specialist firm, or the audit firm that is a network firm, to substantiate compliance with these requirements in practice. This is because the services are being 'outsourced' to the specialist firm under the arrangement, and the specialist firm may not deal with the trustee(s) directly.
For example, it is not unreasonable to expect that the specialist firm may:
- take responsibility for aspects of the preparation of the financial statements or make some judgments and decisions in connection with the services (or both) – making it more likely that the firm will assume some management responsibility
- exercise some professional judgment in carrying out the services – making it less likely that the services are 'routine or mechanical'.
This means the specialist firm cannot, for example, code any fund transactions when preparing the accounts for the fund or make any professional judgments such as determining the market value of certain fund assets and allocating contributions and earnings to the member's account.
Whether the outsourcing arrangement complies with the independence requirements will ultimately depend on the circumstances. This includes the individual service agreements between the trustee(s) and their accountant, and the accountant and the specialist firm, and how these agreements are implemented in practice.
We cannot provide any definitive or binding guidance on these arrangements in the absence of a complete analysis of the facts and circumstances of a particular case. We are only likely to undertake this type of analysis where we engage in a compliance review.
We do not think these arrangements are within the spirit of the Code so we will be closely scrutinising these types of arrangements because of the independence threats involved, and significant risk of non-compliance.