top stories

Share

Proposed revised International Standard on Auditing issued for comment
by the International Auditing and Assurance Standards Board of the International Federation of Accountants

Comments from ACCA
July 2005

 

Executive Summary

The Association of Chartered Certified Accountants (ACCA) welcomes the opportunity to comment on the proposed revised International Standard on Auditing 260 (Revised) The Auditor’s Communication with Those Charged with Governance (proposed ISA 260), issued for comment by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants.

ACCA supports the updating of this ISA, as we believe it will enhance the effectiveness of communication between auditors and those charged with governance. We also support the updated definition of ‘those charged with governance’ as it focuses more clearly on the important oversight role that audit committees and others fulfil.

We have concerns, however, that:

• Proposed ISA 260 requires the communication of matters that are not relevant to the oversight role, or are insufficiently important to audit quality to merit being mandatory, or duplicate external requirements (in one case, attempting to usurp the authority of the IFAC Code of Ethics).
  
• Circumstances where the oversight role is ineffective are not properly addressed. As much of the required communication will not be relevant in such circumstances, many requirements should be made conditional on the effectiveness of oversight.
  
• The circumstance where all those charged with governance are involved in managing the entity is given special consideration. While this may be relevant to the audit of many small entities, we believe that more can be done to ‘think small first’ by recognising the more general case, where the corporate governance function is not formalised.
  

General Comments

In this section, we provide general comments that include recommendations on matters highlighted in the Explanatory Memorandum as ‘Significant Proposals’.

THE COMMUNICATION PROCESS

We support the proposed measures that are designed to enhance the effectiveness of the communication process: the requirements to establish an understanding of communications with those charged with governance (paragraph 52), to communicate in writing (paragraph 56) and to evaluate the adequacy of the communication process and take appropriate action (paragraph 65).

MATTERS TO BE COMMUNICATED

We consider that communication with those charged with governance serves two primary objectives:

• to enable the auditors to fulfil the requirements of ISA 315 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (ISA 315) in relation to the internal control environment, and
• to provide information that may assist those charged with governance in their function.

As set out later in our response under the heading ‘Absence of an effective oversight function’, where the governance function is not effective we see no need for communication under the second of these objectives.

There is some argument that communication of information may promote an improvement in the governance function in succeeding years, but that alone is insufficient justification for the introduction of a mandatory requirement.

The following proposed requirements to communicate do not relate to the above objectives and should be eliminated:

• the responsibilities of the auditor (paragraph 23) – because those charged with governance will already be aware of this, for example from the letter of engagement
  
• matters in other ISAs or external requirements (paragraph 43(a)) – because ISAs need not duplicate other requirements (an appendix listing requirements in other ISAs would be sufficient)
  
• matters agreed with those charged with governance or management to be communicated (paragraph 43(b)) – because ISAs need not be concerned with such agreements
  
• other serious and relevant matters (paragraph 46) – because this should not be mandated (see below), and
  
• for listed entities, matters relevant to auditor independence – because ISAs should not duplicate the requirements of the IFAC Code of Ethics or go beyond them to usurp its authority.

We are particularly concerned about the requirements, proposed in paragraph 46, to communicate ‘other matters of which the auditor is aware that, in the auditor’s professional judgment, are serious and relevant to the responsibilities of those charged with governance’. The explanatory text indicates that such matters may come to the attention of the auditor otherwise than from the audit of the financial statements.

While well intentioned, this is a potentially onerous and open-ended requirement that adds little to the quality of the audit. Auditors are used to making such judgements, which may involve balancing ethical requirements to maintain confidentiality against the interests of the client or the public interest. We consider, therefore, that such communication should be in accordance with the professional judgement of auditors unencumbered by mandatory requirements.

Role of the auditor (and ISAs)
The level of detail proposed for matters to be communicated is such as to make the document, in effect, a standard to drive the behaviour of those charged with governance as much as that of auditors. Those charged with governance may receive information they do not want (this applies particularly to small entities) or find requests for information resisted because ‘it is not in the standard’. This should not be the purpose of auditing standards.

Indeed, these proposals could be interpreted as supporting a view that the auditor is responsible for the adequacy of the communication between management and those charged with governance, as well as for the adequacy of communication between the auditor and those charged with governance. In truth, auditors and those charged with governance must share the responsibility for their effective communication.

In fact, the auditor is not responsible for communication between management and those charged with governance. It is appropriate for the auditor to alert those charged with governance to possible deficiencies in management’s communication, but that should not extend to a requirement to make management’s disclosures.

Auditor liability
Paragraph 60 deals with the provision of information to third parties and sets out precautions that the auditor may adopt to minimise the liability risk. We consider that similar guidance should be provided in relation to the risk that those charged with governance might act in a personal capacity on such information.

CONSIDERATIONS IN THE AUDIT OF SMALL ENTITIES

All those charged with governance are involved in managing the entity

We give a cautious welcome to the recognition that particular considerations apply where all those charged with governance are involved in managing the entity. This is often the case in small entities but such circumstances, which may be encountered elsewhere, represent a special case.

The Explanatory Memorandum forming part of the exposure draft seeks to explain the use of this special case because in such circumstances: ‘there is no oversight separate from management’. This highlights a deeper problem with the terminology, which treads an uneasy line between definitions of functions and the individuals concerned. We deal with this below in the section of our response headed ‘Terminology - use of “those charged with governance”, “management” and other terms’.

We believe that the circumstance where there is no effective oversight function deserves special consideration. This may occur in many circumstances in addition to the case where all those charged with governance are involved in managing the entity. We discuss this further in the section below headed ‘Absence of an effective oversight function’.

Individual entities will exhibit a range of degrees of overlap between persons in management and persons charged with governance. This extends from the circumstances set out above (complete overlap) to the case where no member of management is also charged with governance.

In many small entities, a majority of those in management may also be charged with governance, or vice versa, and we believe that the effects on the audit of such circumstances are sufficiently common to merit proper consideration. Because of this, we recommend the elimination of the special treatment of the case where all those charged with governance are involved in managing the entity. Proposed ISA 260 should, instead, deal with the principles that influence the auditor's considerations and actions, depending on the degree of overlap between management and those charged with governance (mainly administrative matters) and the scope and effectiveness of the oversight function (mainly risk matters).

Corporate governance function not formalised

The vast majority of audited entities are not subject to legal or regulatory requirements in which a distinction is drawn between management and those charged with governance.

Paragraph 13 of proposed ISA 260 recognises that there are entities where the governance structure is not formally defined (for example, some family-owned entities, some not-for-profit organisations, and some government agencies). In such circumstances, the auditor and the engaging party are to agree on the person(s) with whom the auditor will communicate particular matters.

These circumstances are normal for the vast majority of small entities. This is because the concept of an oversight function is of limited practical usefulness to such entities.

We strongly suggest that the proposed ISA 260 should ‘think small first’ by requiring auditors to have regard first to their work under ISA 315 and their assessment of the impact on the internal control environment of the participation of those charged with governance. Only if the participation is a significant factor in the internal control environment and only if the auditor relies on that to reduce audit risk should there be a further need to communicate with those charged with governance.

It follows that, for the majority of audits of small entities, the remaining provisions of proposed ISA 260 would not apply, as they would not be relevant to the circumstances of the client.

Clearly, many entities that are not small may have an ineffective oversight function. We discuss the treatment of such circumstances in proposed ISA 260 below, in the section of our response headed ‘Absence of an effective oversight function’.

TERMINOLOGY - USE OF ‘THOSE CHARGED WITH GOVERNANCE’, ‘MANAGEMENT’ AND OTHER TERMS

Paragraph 7 of proposed ISA 260 includes a definition of ‘those charged with governance’ that is changed from that in ISA 260 Communications of Audit Matters with Those Charged with Governance (extant ISA 260). This is partly because extant ISA 260 began by defining ‘governance’ but, if an adjusted comparison of definitions is made, it is clear that they are not the same.

Proposed ISA 260
‘Those charged with governance’ means the person(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting and disclosure process. In some cases, those charged with governance are responsible for approving the financial statements (in other cases management has this responsibility).

Extant ISA 260 (adjusted)
‘Those charged with governance’ means the person(s) responsible for the supervision, control and direction of an entity who are accountable for ensuring that the entity achieves its objectives, with regard to reliability of financial reporting, effectiveness and efficiency of operations, compliance with applicable laws, and reporting to interested parties. Those charged with governance include management only when it performs such functions.

The new definition concentrates on oversight and eliminates references to ‘control’ and ‘ensuring that the entity achieves its objectives’ [emphasis added].

We agree with the new definition and the inclusion in proposed ISA 260 of a definition of ‘management’ as it is important that a clear distinction is made between the two functions. We regret, however, the fact that the definitions are directly of persons rather than beginning with the concepts of ‘governance’ and ‘management’. The missed opportunity to distinguish between concepts has resulted in difficulty in exposition as shown below in the definition of ‘management’.

Proposed ISA 260
‘Management’ means the person(s) who have executive responsibility for the conduct of the entity’s operations. In some entities, management includes some or all of those charged with governance, e.g., executive directors, or owner-managers. Management is responsible for preparing the financial statements, overseen by those charged with governance, and in some cases management is also responsible for approving the financial statements (in other cases those charged with governance have this responsibility). [emphasis added]

We believe that the reference to executive directors is potentially misleading as there are governance structures where executive directors are not all charged with governance.

The terms ‘those charged with governance’ and ‘management’ occur frequently throughout ISAs, other Engagements Standards and the IFAC Code of Ethics. We believe that it is important that definitions and usage in ISA and other IFAC pronouncements are the same. We presume that other IFAC boards and committees have been consulted, and that appropriate conforming amendments will be made in due course. We encourage IAASB to go beyond the approach set out in the Explanatory Memorandum, to ensure that older documents are also revised.

ABSENCE OF AN EFFECTIVE OVERSIGHT FUNCTION

In the section of our response above ‘Considerations in the audit of small entities’, we explained that circumstances where the corporate governance function was not formalised are common for small entities. That section made the link between a function that lacked formality and one that was ineffective.

Clearly, many entities that are not small may have an ineffective oversight function. Where that is the case, and where the (lack of) participation by those charged with governance is a significant factor in the internal control environment of the entity, the auditors will consider the impacts on their audit in accordance with ISA 315.

Where the oversight function is ineffective, the remaining provisions of proposed ISA 260 that relate to the oversight function should not apply, as they are not relevant to the circumstances of the client.

To give effect to this recommendation, it would be necessary to replace the bold type, overarching requirement at paragraph 4 of proposed ISA 260 with one that is conditional. Certain proposed requirements that currently use wording such as ‘Unless all those charged with governance are involved in managing the entity, … ’, would also require rewording in accordance with this condition.

It is a matter of drafting convention, and hence for the clarity project to determine, whether conditional statements are used to clarify circumstances where auditors need not comply with other requirements of proposed ISA 260 because they are not relevant.

Proposed ISA 260 contains requirements for communication that are not solely related to the oversight function. We deal with these in an earlier section of this response, headed ‘Matters to be communicated’.

PROPOSED CONFORMING AMENDMENTS

The proposed conforming amendment to ISA 570 Going concern should be made conditional on the auditors’ assessment of the effectiveness of the oversight function. The reasoning for this is set out in the section of our response above ‘Absence of an effective oversight function’. In essence, there is no point in making such a disclosure unless those charged with governance actually exercise effective oversight of management.

OTHER MATTERS

The explanatory memorandum called for comments on whether:

• considerations in the audit of small entities have been dealt with appropriately
• special considerations in the audit of public sector entities have been appropriately included
• there are any foreseeable difficulties in application in a developing nation environment, and
• there are any potential translation issues.

Our concerns in respect of the audit of small entities are dealt with earlier in this response under the heading ‘Considerations in the audit of small entities’. We have no other concerns in respect of the matters referred to in the above bullet points.

Comments on Specific Paragraphs

In this section, we provide comments in relation to specific paragraphs of proposed ISA 260.

1 (and others)

The words ‘involved in managing the entity’ are used in headings and paragraphs, generally to denote a circumstance ‘where all of those charged with governance are involved in managing an entity’.

Proposed ISA 260 has a definition of ‘management’ that is the singular: comprising those persons who ‘have executive responsibility for the conduct of the entity’s operations’.

It is our assumption that ‘involved in managing the entity’ is intended to be synonymous with ‘are persons who, with others, collectively have executive responsibility for the conduct of the entity’s operations’.

However, it is possible to draw other meanings from the term ‘involved in managing’ and we recommend that the intended meaning be made clear.

5, 52, 55 and 66

Paragraph 52 requires that ‘The auditor should seek to establish with those charged with governance a mutual understanding of the form, timing and expected general content of communications.’ [emphasis added]

It is unclear whether the requirement to establish a ‘mutual understanding’ is intended to be more onerous than establishing an understanding. If so, we doubt whether it is possible to achieve full ‘mutuality’, as that is normally taken to indicate that the understandings are equivalent.

We recommend instead, wording such as the following:

‘The auditor should assess whether those charged with governance have an understanding of the form, timing and expected general content of communications with the auditor sufficient for their purposes and, if not, should take appropriate action.’

 

7

The wording used in relation to ‘management’ is not suited to those entities where the management function is outsourced (some investment companies, pension schemes, unit trusts etc). Unless the definition is itself amended, we suggest adding a footnote to deal with such circumstances.

 

13

The term ‘the engaging party’ will be familiar to some from ISAE 3000 but ought to be added to the IFAC Glossary of Terms in its own right.

 

19

This paragraph introduces into guidance, reasons why requirements (other than the one singled out in it) are not relevant if management agrees to communicate them to those charged with governance. In effect, this allows indirect communication. We consider this to be an important matter that has considerable impact on reporting (such as required by paragraph 32). As such, it should receive much greater prominence.

 

27

The requirement to communicate certain matters (such as those listed in paragraph 29), is worded in terms of ‘an outline of the planned scope and timing of the audit’. Arguably, an audit is unlimited in scope and timing is not an important aspect of the evidence-gathering and assessment process (which might be described as the ‘nature’ of the audit). Nor is it clear how ‘outline’ is to be interpreted, as communication should be sufficient to achieve its objectives. We suggest using a less-coded and hence more understandable wording for this requirement.

 

32

In paragraph 32(d) the test should be not matters that are ‘relevant’ to those charged with governance but matters that in the auditors judgement are relevant. The word ‘paragraphs’ should be singular.

Paragraph 32(d) (as explained by paragraph 40) and paragraph 33(a) both refer to material matters that have been corrected. It ought to be possible to combine these requirements.

Paragraphs 32 and 33 include the words: ‘significant’, ‘material’ and ‘major’. Guidance should be given as to the relative importance of matters so described.

 

44

The words ‘such as’ indicate that the list may not be complete. We recommend earlier in our response that such material is presented in an appendix, but, wherever positioned, it ought to be complete.

 

49 to 51

Unless disclosures are restricted to those that are significant (ie important to those charged with governance in forming a view on auditor independence) there could be too many disclosures. For the avoidance of doubt, the word ‘all’ in paragraph 49(b)(i) should be removed.

The viewpoint embodied in ‘may reasonably be thought’, should be made explicit.

The period ‘preceding 12 months’ is meaningless without identification of a relevant date – is it meant to be the same period as the financial statements that are being audited?

The last sentence of paragraph 51 refers to an audit of an owner-managed entity where the auditors only provide audit services – this is an infrequent example as, more often, non-audit services would also be provided. On balance, we do not believe that the last sentence of paragraph 51 is necessary.

 

65

We are not sure what the words ‘as required’ are intended to add to the meaning of ‘take appropriate action’. Unless the viewpoint (required by whom?) is made clear and explained, we suggest deleting ‘as required’.

 

68

In view of its importance, the proposed standard should refer to legal considerations (at least by cross-reference) at an earlier point.

Back to top