Question

Task

back to top

Background:

You a member of the audit team at Miller Yates Howarth (MYH), an accounting firm with offices throughout the major regional centres of NSW and Queensland. Although a medium sized firm by national standards, MYH is the second largest regional accounting firm in Australia. Most of MYH’s audit clients are in the agriculture, mining, manufacturing and property industries. All those industries are currently under pressure, either from a downturn in commodity prices or fierce competition from overseas competitors. MYH have now been appointed auditors of a community bank. Two audit directors have previous experience auditing in the banking sector and need to raise the awareness of staff with respect to the governance issues that have recently impacted the banking sector.

Question 1 (7%)

Required:

You have been asked to:

read audit standard ASA315 focusing on audit responsibility with respect to client governance,

read the web page on the ASIC report on the Commonwealth bank which details the governance issues raised by ASIC (http://www.apra.gov.au/MediaReleases/Pages/18_17.aspx), and

prepare a report that:

summarises and justifies the auditor’s responsibility to review the governance of an audit client, and

Includes a table for use in the audit which explains the impact of each of the ASIC identified Commonwealth Bank governance issues on audit risk. The table should further explain why each of the ASIC recommendations would reduce audit risk. The template below should be used.

Issue	Impact on raising audit risk	Recommendation	Reduction in audit risk because of the recommendation

Answer 1

Auditor’s responsibility to review the governance of an audit client:
The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial report and assertion levels. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion.
Risk Assesment procedure includes:
1). Enquiries of management, of appropriate individuals within the internal audit function (if the function exists) and of others within the entity who in the auditor’s judgement may have information that is likely to assist in identifying risks of material misstatement due to fraud or error
2). Analytical procedures
3). Observation and inspection
Other related activities auditor shall perfrom for risk Assement:
The auditor shall consider whether information obtained from the auditor’s client acceptance or continuance process is relevant to identifying risks of material misstatement
Where the auditor intends to use information obtained from the auditor’s previous experience with the entity and from audit procedures performed in previous audits, the auditor shall determine whether changes have occurred since the previous audit that may affect its relevance to the current audit.
The engagement partner and other key engagement team members shall discuss the susceptibility of the entity’s financial report to material misstatement, and the application of the applicable financial reporting framework to the entity’s facts and circumstances. The engagement partner shall determine which matters are to be communicated to engagement team members not involved in the discussion
Issue	Impact on raising audit risk	Recommendation	Reduction in audit risk because of the recommendation
Inadequate oversight and challenge by the Board and its committees of emerging non-financial risks;	Fails to idendify the non financial risk ie. Operational, compliance and conduct risk	More rigorous Board and Executive Committee level governance of non-financial risks;	Improve the identification process of non financial risk
Unclear accountabilities, starting with a lack of ownership of key risks at the Executive Committee level;	fails to adderess the accountability of individual	Exacting accountability standards reinforced by remuneration practices;	Helps in fix the accountabilty of managemnt and every individual
Weaknesses in how issues, incidents and risks were identified and escalated through the institution and a lack of urgency in their subsequent management and resolution;	weak internal control to identify the risk and its escalation to appropriate authority	A substantial upgrading of the authority and capability of the operational risk management and compliance functions;	Improve the intenal control of organisation for identification of risk and its escalation
Overly complex and bureaucratic decision-making processes that favoured collaboration over timely and effective outcomes and slowed the detection of risk failings;	Fails in timely detection of non financial risk due to complex and lengthy process	Injection into CBA’s DNA of the "should we" question in relation to all dealings with and decisions on customers; and	Timely detection of non financial risk
An operational risk management framework that worked better on paper than in practice, supported by an immature and under-resourced compliance function	Fails to implement good corporate governance in practice	Cultural change that moves the dial from reactive and complacent to empowered, challenging and striving for best practice in risk identification and remediation.	Helps in implementation of good corporate governance