During the year 2017, the Sri Lanka Accounting and Auditing Standards Monitoring Board (SLAASMB) focused on the need to improve audit quality and changed its inspection strategy to a more risk-based approach. The new approach commences with the inspection team focusing on identifying high risk areas though detailed evaluation of the industry, business and the financial statements. As an initiative to improve audit quality, SLAASMB commenced this risk-based inspection approach during the last quarter of 2016. Consequent to identifying the related risk, the inspection scope is narrowed down and an in-depth inspection is conducted. The new approach is focused on aligning with audit inspection methodologies and practices adopted by global audit regulators.
In furthering this changed focus SLAASMB commenced thematic inspections during 2017, carrying out in-depth inspections on selected themes across a number of audits. These changes in audit inspections and the thematic inspections was facilitated by the training given to the inspection staff by a foreign consultant under the financial assistance granted for special capacity building during 2016.
SLAASMB inspected 100 audits carried out by 13 firms during the year 2017 compared with 99 audits carried out by 14 firms during the previous year. The 100 audit inspections comprised of 85 audit inspections and 15 thematic inspections. The audits inspected during the year included 75 audits carried out by 5 firms which are members of international networks and 5 audits carried out by 5 firms which conducts audits of less than 10 Specified Business Enterprises (SBEs).
Based on the inspection findings, non–compliances which were material but not significant as to require further action under the statue were communicated as letters of assistance. However, based on the severity of the findings, SLAASMB took more stringent measures, namely issuing warning letters to firms, referring to CA Sri Lanka and issuing directions to SBEs requiring them to get their financial statements re-audited and to republish the financial statements. In this process of attempting to enhance the audit quality throughout the audit industry, areas for improvement were communicated to some firms during the year.
2 Directions to re-audit
During the year 2017, SLAASMB issued directions to 2 SBEs to have their financial statements re-audited as a result of the significance of non-compliances observed during the audit inspections carried out. These SBEs were required to publish and circulate copies of the re-audited. Financial statements of the same year for which the audit inspections had been carried out, to all the parties that had received the annual report of such year.
Directions were issued to the following SBEs:
2.1 Adam Capital PLC
Consequent to the auditor of Adam Capital PLC, A. I. Macan Markar & Co, disagreeing with the findings of the inspection of the audit of the financial statements for the year ended 31 March 2016, and failure by the auditor to substantiate the reasons for such non-compliances from the audit workings, the Board issued a Direction requesting the Company to re-audit the said financial statements. However, due to an issue regarding the additional costs of such re-audit, the matter has been referred to the Attorney
General for advice regarding action to be taken on the auditor.
2.2. Fairway Holdings (Pvt) Ltd
Based on the findings of the inspection of the audit of financial statements of Fairway Holdings (Pvt) Ltd for the year ended 31 March 2016, the auditor, Nusith Kumaratunga & Co., had failed to conduct the audit with adequate professional competence and due care. The auditor having accepted the non-compliances has informed that steps are being taken to regularize the deviations. However, considering the significance of the misstatements, the Board has issued a Direction to the Company to re-audit and re-publish the financial statements for the year ended 31 March 2016.
3. Follow up action on Directions issued during the previous year
Agalawatte Plantations PLC Consequent to the Direction issued by the Board to Agalawatte Plantations PLC to get their financial statements for the year ended 31 March 2014 re-audited and re-publsihed, the re-audit performed by another engagement partner of its auditor, Hulugalle Samarasinghe & Co., had disclaimed the opinion on the financial statements on which an unqualified opinion had been issued previously. This matter has been referred to the Attorney General for legal advice regarding action to be taken against the management of the
Company and has referred the misconduct of the auditor to CA Sri Lanka.
4. Observations made on audit inspections
Deficiencies were identified in 43 audits conducted by 13 firms. The departures from Sri Lanka Auditing Standards detected were communicated to the respective firms in the form of letters of assistance.
The main findings are as follows.
4.1. Failure to obtain sufficient appropriate audit evidence
Sufficient appropriate audit evidence had not been obtained from substantive procedures and from tests of controls to support the financial statement assertions in 32 audits.
- Failure to perform any audit procedures to test the financial statement assertions relating to placements with banks, consolidation adjustments, reverse repurchase agreements, borrowings, sundry income, investment in subsidiary, allowance for impairment of loans and receivables and contingent liabilities.
- Failure to perform any audit procedures to test certain financial statement assertions.
- Not performing audit procedures to evaluate the appropriateness of the work of the management’s expert by considering relevance and reasonableness of the expert’s findings or conclusions and their consistency with other audit evidence.
- Failure to ascertain the appropriateness of the credentials of the valuer engaged by the company to value its property, plant and equipment.
- Failure to ensure adequacy of the valuation of investment properties, despite the existence of indications of uncertainties over probability of future economic benefits flowing to the company, from such properties.
- Failure to ensure accuracy and completeness by performing audit procedures to resolve the inconsistency between the management representation and confirmation by a related party, in respect of a balance receivable from the related party.
- Failure to ensure completeness and accuracy of sales of a property development company, by performing audit procedures to assess the reasons for non-execution of transfer of property deeds, when the full amount had been paid by the customer.
- Failure to verify the accuracy of the allocation and re-allocation of securities throughout the time period of reverse repo and repo agreements, in the operations of a primary dealer.
- Failure to perform audit procedures to examine the scope and the competence of the internal auditor in relation to Information Technology General Controls (ITGC) when obtaining an assurance on ITGC based on internal auditor’s work.
- Not performing planned substantive audit procedures on account balances.
- Failure to perform additional audit procedures when audit evidence provided insights of material misstatements.
- Not performing further audit procedures to resolve the inconsistencies of the audit evidence obtained from different sources.
4.2. Failure in the Auditor’s Responsibilities Relating to Risk of Fraud in an Audit of Financial Statements
The auditor had failed to focus the audit in relation to risk of fraud in 16 audits.
- Failure to perform audit procedures to test the appropriateness of journal entries in the general ledger focusing on fraud risk
- Failure to maintain professional skepticism in relation to journal entry procedures
- Not evaluating the appropriateness of the persons authorized to pass journal entries, as part of control testing
- Failure to test the journal entries to address fraud risk
- Failure to select the sample of journal entries based on the characteristics of fraudulent journal entries
- Failure by the auditor to exercise due care when identifying the risk indicators of passing backdated journal entries
- Failure to test the journal entries passed by an entity within the period
- Failure to identify the scope, nature, time and extent of audit procedures to be performed on the journal entries
- Failure to consider risk of “management override of controls” in deciding the extent of audit procedures to be performed, despite the auditor identifying the existence of such risk
- Failure to consider the presumption of existence of fraud risk, in revenue
4.3. Failure to respond to the assessed risks Failure to respond appropriately to risks
identified was observed in 11 audits.
- Failure to evaluate the impact of the deficiencies on control risk identified by IT auditors.
- Failure to perform test of controls when the test of controls form part of the audit strategy
- Failure to identify critical controls in performing test of controls
- Not performing additional audit procedures relating to exceptions identified
- When the result of a test of control was not satisfactory, performing a substantive audit procedure similar to such test of control
- Despite planning to perform test of controls, failure to arriving at the loss given default rate calculations, when evaluating loans and receivables on collective basis for impairment
- Failure to test the calibration of the valuation model used to value consumable biological assets to ensure the valuation technique reflects current market conditions
4.5. Non compliances relating to understanding and assessment of risk of material misstatements
Non compliances relating to identifying and assessing the risks of material misstatements were observed in 8 audits.
Deficiencies observed includes;
- Failure to perform audit procedures to understand the information system including the related business processors relevant to financial reporting.
- Failure to identify significant risks from all possible risks in order to apply more focused and comprehensive audit procedures.
- Failure to apply professional skepticism in identification of risk indicators as a risk that requires special audit consideration, such as significant increase in cash in hand balance as at the year end
- Failure to evaluate the changes made to the IT system during the financial year.
- Failure to exercise professional judgment in identifying and validating key internal controls relevant to the financial statement assertions.
4.6. Failure to establish and maintain a system of quality control
Evidence of adopting appropriate quality control procedures for audit engagements was not available in 6 audits.
- Not appointing an engagement quality control reviewer (EQCR), despite the high audit risks associated with the engagement./li>
- Lack of adequate involvement of the EQCR in planning, execution and completion of the audit despite the engagement being of a listed company/li>
- Failure by EQCR to perform an objective evaluation of the significant judgments and the conclusions reached by the audit team
- Reviewing audit areas with high risk on a date subsequent to the audit report date/li>
- Inadequate involvement of engagement partner in directing, supervising and performing the audit engagement, evidenced by time utilization on the engagement and by the observations made on non-compliances with Auditing Standards by SLAASMB
4.7. Absence of evidence on the basis of selecting the samples
Non-compliances relating to audit sampling were identified in 6 audits.
The observations included;
- Failure to achieve the objective of sampling.
- Failure to establish the basis of selecting the samples for testing so as to gather sufficient appropriate audit evidence to meet the objectives of the audit procedures.
- Not selecting samples from the population, giving an equal chance for every item to get selected
- Deviating the method of sample selection, from the documented sample selection method
- Failure to perform appropriate audit procedures on each item in the selected sample
- Failure to evaluate the sample results, to determine whether, the use of sampling, has provided a reasonable basis when arriving at conclusions about the population
4.8. Other observations
- Inspection of some audits revealed failure by the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatements, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.
- In certain audits, the auditors had not maintained professional skepticism throughout the audits and had failed to exercise due care when drafting the audit opinions, which were found to be inappropriate.
- More common findings included failures to design suitable analytical procedures to test intended assertions and not performing additional audit procedures when the outcomes of the analytical procedures had indicated inconstancy in the relationships between variables tested.
- Some of the common observations of audits of group financial statements include failure by auditors to obtain any audit evidence relating to consolidation adjustments and on how opinion relating to financial statements of subsidiaries had been reached. They also include failure to obtain sufficient appropriate audit evidence from component auditors and failure to evaluate the information communicated by the component auditors.
- Similarly, lack of adherence to proper administrative procedures from the planning of the audit up to assembling the final audit file were also observed which included drawbacks in timely assembly of the file, maintaining confidentiality, safe custody, integrity, accessibility and irretrievability of the engagement documentation.
- Some auditors had not obtained sufficient appropriate audit evidence about whether the related party relationships and transactions had been appropriately identified, accounted for and/ or disclosed in the financial statements.
5. Suggestions for improvements
Suggestions for improvements were given in relation to 13 audits carried out by 4audit firms as a measure to encourage such auditors to improve their future audits.
6. Letter of warning
A warning letter was issued during the year to an auditor for willfully misleading SLAASMB by submitting audit documentation which had a date subsequent to the date of the inspection.
7. Thematic inspections
SLAASMB carried out thematic inspections on the themes of Involvement of Engagement Quality Control Reviewer and Communications with Those Charged with the Governance for a sample of 15 audits representing 6 audit firms. The Report on observations will be issued during 2018.
8. Firm-wide quality inspections
SLAASMB plans to conduct firm-wide quality inspections commencing from early 2018.
During the year the staff were engaged in preparing the detailed plans and questionnaires and formats required for the firm-wide quality inspections.
This was made possible by the exposure given to the staff during 2016 under the extensive training conducted by an International Consultant with hands-on experience in audit regulations in the United Kingdom. The firm wide quality inspections will be carried out on the firms which volunteer to be subject to such inspections until firm-wide inspections become mandatory by the Statute, which is currently in the process of being revised. In recognition of the contribution made by these firms towards enhancing audit quality in the audit environment, names of the firms which volunteer to be subjected to firm-wide inspections will be published by SLAASMB with the respective reports being released to each firm individually.