Haven’t got time to read this story? Listen to it in audio format.

While formal complaints and company collapses can reveal significant audit failures, they are the most extreme examples. So, how do we know how well auditors are performing overall? The answer, for the regulators, is regular reviews of samples of audit files, followed by feedback and engagement with auditors and firms.

In its 2025 surveillance, the Australian Securities & Investments Commission (ASIC) looked specifically at audits of superannuation funds and into auditor independence and conflicts, in addition to its usual program of work. Similarly, along with looking at overall audit quality, the New Zealand Financial Markets Authority (FMA) also specifically considered audits of banks.

Here are the key lessons for assurance practitioners.

ASIC’s findings

ASIC carried out three separate reports into the work of auditors in 2025: an oversight of financial reporting and audit, a report into independence and conflict of interest, and one on the financial reporting and audit of super funds.

Its overall report into financial reporting and audit, ASIC’s Oversight of Financial Reporting and Audit 2024–25, reviewed 15 audit files at nine audit firms for 10 companies. The regulator issued nine comment forms to audit firms, setting out its concerns. Many of these were the same as in previous years, including:

• Auditors failing to obtain sufficient appropriate audit evidence to support revenue recognition
• Not testing the reasonableness of inputs and assumptions in valuations relating to the impairment of non-financial assets and asset values
• Not obtaining sufficient appropriate audit evidence over the ownership and valuation of investments.

The report also found that some auditors did not adequately document the nature and extent of procedures performed, and significant professional judgements made during the audit and in forming conclusions.

Consequences for auditors

This year’s report had a larger section on ASIC’s enforcement and compliance actions relating to auditors.

“Part of the reason ASIC takes enforcement action is to have a deterrent impact,” says ASIC commissioner Kate O’Rourke. “We’re trying to help people see the consequences and that ASIC is active.”

Next year’s report will go further still, O’Rourke says, incorporating a “feedback loop”, reporting on the actions that audit firms will take in response to ASIC’S findings and then monitoring how those plans are implemented.

Auditors are obliged in the Corporations Act to report contravention and suspected contraventions of the Act by companies they are auditing. However, the report found instances of auditors failing to report the non-lodgement of financial reports by previously grandfathered companies and not reporting ongoing failures by responsible entities to comply with the compliance plan requirements for registered investment schemes.

Conflicts of interest

O’Rourke says ASIC was concerned by its findings in its review on conflicts and the independence of auditors, Building Trust: Auditors’ Compliance With Independence and Conflict of Interest Obligations. ASIC used data from 2900 registered company auditors and publicly available information about their clients spanning several years. It identified audits with indicators of potential threats to independence arising from the provision of non-audit services to audit clients, a long association with clients, and relationships between auditors and clients or their officeholders.

It targeted 48 auditors in respect of the audits of 53 clients. Where these auditors came from an audit firm, ASIC also examined the frameworks that the 19 audit firms had in place at the time of conducting the audit.

“Many auditors, whether practising as individual auditors or from audit firms of any size, were unable to effectively demonstrate how they complied with their prescriptive and general independence and conflicts of interest obligations,” the report states.

Nine auditors were unable to demonstrate how they met the rotation requirements in relation to the audits of 14 listed clients. Five auditors held relationships in relation to six clients that are explicitly prohibited under the Corporations Act because they are considered inherently non-independent. These auditors were from small to medium-sized audit firms or practising as individual auditors. Additionally, the results are not reflective of the performance of the overall audit profession, thanks to ASIC’s data matching.

Before compiling its reports, ASIC wrote to companies and firms reminding them of their obligation to report contraventions – including auditors’ own contraventions. “We were surprised at just how few people followed that request,” O’Rourke says.

She says firms and auditors which did not comply with the requirements were taking a tick-the-box approach with a narrow reading of the prescriptive requirements, and then not stepping back and considering the general conflict and independence requirements, how related issues might fit together and how things might be perceived.

Superannuation fund audits

FY2024–2025 was the first full financial year in which registerable superannuation entities (RSEs) had to lodge audited financial reports with ASIC. As a result, the regulator carried out its first review of audited financial reports of RSEs and the related audit files (not including self-managed super funds) in its report Accounting for Your Super: ASIC’s Review Into the Financial Reporting and Audit of Super Funds.

The report found that some auditors are not doing enough to obtain sufficient audit evidence that provides reasonable assurance about investment valuations in the registrable superannuation entity (RSE) financial reports. Additionally, auditors adopted high levels of materiality, which can result in less audit work being undertaken.

“Auditors also did not adequately challenge the valuations provided by external fund managers. This could undermine member confidence in the accuracy of financial information about their superannuation fund,” the report states.

“We were quite concerned with what we found, particularly the auditors not doing as much work as we had hoped in relation to valuations, so there’s an opportunity for them to really think hard about the valuation practices,” O’Rourke says.

ASIC, the professional accounting bodies and other relevant stakeholders are engaging to consider how the findings can lead to improving audit practices, particularly in relation to the valuation and disclosure of unlisted investments.

With most Australians having superannuation, high quality and reliable financial information is essential, O’Rourke says. This is even more so with the growth in unlisted assets such as managed investment schemes in super funds, where the weight put on financial statements can be even higher as a result.

The Financial Markets Authority’s findings

In New Zealand, the FMA’s latest Trends in Audit Quality report examined six audit firms and 14 audit files and found five non-compliant files.

For the first time since December 2021, New Zealand audit firms were required to comply with the International Auditing and Assurance Standards Board’s (IAASB) International Standard on Quality Management 1, which requires firms to not only design and implement a quality system, but also to monitor it.

Jacco Moison, FMA head of audit, financial reporting and climate-related disclosures, says there is room for improvement.

“There was not sufficient documentation around the systems of quality controls by the firms. They didn’t document that well on how they executed or monitored the control and therefore we couldn’t assess if they were basically effective or not effective,” he says.

Moison says the ongoing monitoring of quality control systems is a new requirement and the financial year past was a learning exercise. He expects firms to devote more resources to the task in the next year or two.

“It is important that people remain focused on the whole process and making sure that you do all areas well, not only the most risky areas.”

An experienced eye

On the audit files themselves, Moison says they revealed a need for auditors to do more testing of the underlying data used in the audit. They should also design appropriate procedures to detect and test these transactions, and ensure they are properly disclosed in the financial statements.

These are the more basic requirements of the audit and Moison says they revealed a need for senior auditors to supervise new auditors. “Every year you have a big group of new auditors that you need to train. So therefore, it’s really important that the more experienced people on the job continue to focus on those areas,” he says.

Ironically, the more challenging areas of the audit attract a lot of focus from senior auditors and so are done well. “It is important that people remain focused on the whole process and making sure that you do all areas well, not only the most risky areas,” says Moison.

Bank audits

This year’s report also examined audits of major banks, which were carried out by the big four audit firms. Moison says these were mostly done well.

However, he says the bank audit files lacked evidence to demonstrate if the firm assessed the elements of variable remuneration and how these impacted the risk of fraud or risk of management override of controls.

“That could be particularly relevant if you’re looking at fraud or management override of controls, that management might be incentivised to override controls, to just hit their profit target to get that bonus,” he says.

Climate-related disclosures and assurance

This FMA report was also the first to examine the mandatory assurance over greenhouse gas emissions disclosures in climate statements, which can be performed by auditors and other assurance practitioners. Most of the assurance reports met the requirements of the standard – Assurance Engagements over Greenhouse Gas Emissions Disclosures – but there were also several examples of non-compliance that needed to be addressed, such as:

• Assurance reports referencing the incorrect assurance standard
• Use of terminology in assurance reports that did not align with the requirements
• Independence disclosures in respect of climate-related advisory services.

The FMA report concluded that assurance practitioners needed to provide clear descriptions of what disclosures have been assured for users and what level of assurance has been provided, and ensure that the assurance report covers all the mandatory disclosures – especially if the entity cross-referenced to other documents.

Solid performance, with room for improvement

Regulator reports into the performance of auditors in Australia and New Zealand are an opportunity for the profession to maintain confidence in financial reports and audits. Amir Ghandar FCA, leader of reporting and assurance at CA ANZ, says trust and confidence in financial reports – which plays a vital role in the smooth operation of capital markets – is strong.

But he adds: “Those are not laurels to rest on at all. This requires an ongoing, dedicated effort and a focus on where there may be problems or where there are challenges for the auditors, as well as directors and preparers, which is one reason why ASIC and the FMA’s surveillance reports are so important.”

---

Take away

Auditing Reimagined: Navigating Stakeholder Expectations by Yusuf M Sidani looks into the evolution and challenges of the auditing profession. For the ebook click here.