• Print
  • Share
Exposure Draft Proposed International Standard on Auditing 540 (Revised) Auditing Accounting Estimates and Related Disclosures
Aug 01, 2017

Download Comment Letter

Dear Professor Schilder,

Exposure Draft Proposed International Standard on Auditing 540 (Revised) Auditing Accounting Estimates and Related Disclosures

Crowe Horwath International is delighted to present a comment letter on the Exposure Draft Proposed ISA 540 (Revised) Auditing Accounting Estimates and Related Disclosures. Crowe Horwath International is a leading global network of audit and advisory firms, with members in some 130 countries.

We welcome the initiative to revised ISA 540 and particularly the importance that you have given to having a standard in place for the effective date of IFRS 9 Financial Instruments. We presented detailed observations about the Exposure Draft below. We have prepared our observations in conjunction with Crowe Horwath LLP, our US member firm.

Risk Assessment Procedures

Paragraph 10 references to performing risk assessment procedures over estimates when assessing risk under ISA 315 (revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment; however, we are particularly concerned that as presented, the procedures listed in the Exposure Draft could be viewed as a secondary risk assessment performed subsequent to the assessment under ISA 315 (revised) and not as one cohesive risk assessment process. This potential confusion could increase auditor effort by performing multiple risk assessments or it could lead the auditor to not consider the risk assessment procedures in the Exposure Draft when performing the assessment under ISA 315 (revised) resulting in a deficiency in the audit. 

We agree with the Board that additional considerations are needed when assessing the risk of material misstatement in estimates; however, we believe these procedures would be better linked to the required procedures in ISA 315 (revised).  For example, paragraph 10(e) and 10(f) of the Exposure Draft requires the auditor to understand how management makes accounting estimates and the internal controls surrounding those processes.  It is unclear the extent in which the auditor could apply professional judgement in determining the extent of understanding related to how management makes estimates. 

Additionally, it is not clear if the auditor would apply the procedures of 10(e) and 10(f) at the entity level (evaluating of management's processes and controls over estimates as a whole) or at the individual estimate level.  Also, it is not clear whether the risk assessment procedures in paragraphs 10-12 of the Exposure Draft would apply to all estimates or to estimates where the likelihood of the potential misstatement could result in a material misstatement.  In applying ISA 315 (revised), the auditor applies professional judgment in the risk assessment process to reach a conclusion as to whether an estimate is a significant estimate.  For those estimates determined to be significant estimates the auditor is then required to obtain an understanding of management's processes. 

Specifically, paragraph 18(e) of ISA 315 (revised) requires an understanding of the financial reporting process used to prepare the entity's financial statements, including significant estimates (ISA 315.18(e)).  The Exposure Draft removes the concept of significant estimates thus appearing to imply that the auditor needs to understand management's process and components of internal controls related to all estimates at the individual level, regardless of the potential risk of material misstatement, whereas, under existing requirement the auditor would perform these procedures only for significant estimates.  While understanding risk is a critical aspect of designing and performing an audit, the additional requirements imposed by paragraph 10 of the Exposure Draft would appear to meaningful increase the time related to understanding risks related to estimates that do not present a likely potential for material misstatement thereby increasing the cost of the audit without a corresponding increase in audit quality

Identifying and Assessing the Risks of Material Misstatement

We support the Board's requirement for the auditor to take into account the extent to which the accounting estimate is subject to, or affected by, one or more relevant factors including complexity, use of judgement, including the potential for management bias, and estimation uncertainty.  However, due to how closely related these factors are to each other, there appears to be an inherent difficulty in separating the risks related to each individual factor.  We see benefit in including these as relevant factors when evaluating the risk of misstatement in an estimate, however, we believe there should not be a specific requirement to associate the risk with one or more than one factor but rather allow the auditor to apply professional judgement in determining the response to the risks identified.  See further discussion in the Responses to the Assess Risks of Material Misstatement below.

 

While we support the introduction of the risk factors, it is unclear to us how to apply ISA 315 and 330 with respect to identifying and responding to significant risks.  Specifically, it is not clear if the required procedures in paragraphs 15 and 16, including the additional response in paragraph 17-20 for inherent risks assess as not low, of the Exposure Draft would comply with the requirements of ISA 330.21 to design audit procedures that are specifically responsive to that significant risk or if additional procedures beyond those required would still need to be documented.  These paragraphs of the Exposure Draft appear to pre-determine the auditor's response to all risks of material misstatement, including significant risks. Thus an auditor might interpret that the required procedures in paragraphs 15 through 20 are the procedures to address the significant risk identified with respect to estimates, which may result in the auditor only performing those procedures to meet the requirements of paragraphs 17-20 which may not be responsive to the significant risk identified.   Further an unintended consequence of the exposure draft is that auditors may cease to identify significant risks over estimates since an identified risk no longer meets the definition of a significant risk as defined in paragraph ISA 315.4(e) "An identified and assessed risk of material misstatement, in the auditor's judgement, requires special audit consideration."  Since the exposure draft now contemplates the response to all risks of material misstatement, it appears no risk related to an estimate would require special audit consideration under ISA 315 and ISA 330.  This could cause poor audit quality; therefore we believe further clarification is necessary on how the auditor's response will differ for significant risks.  Conversely, one could further interpret the Exposure Draft to imply that all estimates with inherent risk of not low are treated as significant risks further indicating a need for clarification on how the auditor's response differs for significant risks.

Paragraph A72 and A73 of the exposure consists of examples of estimates which may have an inherent risk of low or not low based on the auditor's identification and assessment of the risk.  While presenting examples are helpful, we are concerned that as presented the examples may lead to auditor bias in that the auditor may conclude that all examples in A72 are considered to be low inherent risk and all examples in A73 are to be assessed as not low.  We recommend including language to make it clearer that other factors could result in the example estimates moving from the low to not low bucket and vice versa.

Responses to the Assessed Risks of Material Misstatement

Paragraph 15 of the Exposure Draft establishes further audit procedures for risks of material misstatement based on the assessed level of inherent risk of low or not low.  Introducing audit responses to risks of material misstatement based on an assessed level of inherent risk seems to imply that a separate assessment of inherent risk is required under the Exposure Draft, which is inconsistent with the Board's intention as indicated in paragraph A95 of the Exposure Draft.  For example, if the auditor assesses the risk of material misstatement as low based on one assessment of combined inherent and control risk (control risk reduced from the maximum due to performance of tests of controls), under the exposure draft, the auditor is required to separately assess inherent risk to properly evaluate whether the auditor is required to apply the procedures in paragraph 17-20 of the Exposure Draft.  The introduction of performing audit procedures based solely on inherent risk is inconsistent with ISA 330 (revised), as the auditor would design further audit procedures based on the risk of material misstatement (combined inherent risk and controls risk). 

 

As indicated in the section above, we support the Board's recognition that the risk in an estimate is impacted by the complexity, level of management judgment including bias, and estimation uncertainty.  However, we see challenges in being able to differentiate between the three factors, particularly with respect to complexity and judgement.  The inability to distinguish between the factors will result in the need to design procedures to meet all objectives in paragraphs 17-20 potentially resulting in unnecessary audit procedures without resulting in improved audit quality.  We believe the auditor should be able to exercise judgement to determine if the individual objectives for each factor represents the risk of material misstatement and then to subsequently design audit procedures to meet those identified objectives.

Paragraph 19 of the Exposure Draft addresses objectives for when inherent risk is not low due to estimation uncertainty.  Specifically, paragraph 19 (b) indicates "When, based on the audit evidence obtained, in the auditor's judgement, management has not appropriately understood and addressed the estimation uncertainty, the auditor shall, to the extent possible, develop an auditor's point estimate or range to evaluate the reasonableness of management's point estimate and the related disclosures in the financial statements that describe the estimation uncertainty."   We believe that further clarification is needed to expand on the impact of when management has not understood estimation uncertainty.  As currently drafted, an auditor could infer the only response necessary when management has not understood estimation uncertainty is to perform an auditor's point estimate/range.  Specifically, we would recommend adding application material indicating the auditor should consider whether an internal control deficiency exists and to respond accordingly.  As part of that response, if the auditor determines that management's failure to appropriately understand estimation uncertainty is a significant risk, further clarification would be required on how to apply paragraph 21 of ISA 330 which states that "…When the approach to a significant risk consists only of substantive procedures, those procedures shall include tests of details".  Since paragraph 19(b) of the Exposure Draft response is defined to be a substantive analytic in paragraph A128 of the Exposure Draft it appears an auditor's point estimate/range would not be a sufficient audit response in accordance with ISA 330. 

Management's Expert

As the complexity of accounting estimates increases, the need to rely on management's experts becomes increasingly important to obtaining sufficient audit evidence. Further clarification is suggested on how to apply the ISA 500 requirements and guidance on management's experts with respect to estimates. 

Paragraph 8 of ISA 500 requires the auditor to evaluate the competence, capabilities and objectivity of the expert, understand the work of that expert, and evaluate the appropriateness of that expert's work.  In the evaluation of the expert's work, paragraph A48 of ISA 500 indicates that procedures may include the relevance and reasonableness of the expert's findings, appropriateness of the significant assumptions, and the relevance and accuracy of significant source data.  The exposure draft appears to be consistent with ISA 500 from the perspective of requiring the auditor to evaluate the appropriateness, including the relevance and reliability, of significant assumptions and data. 

However, the Exposure Draft could further address how the auditor would modify the nature, timing, and extent of the procedures performed to address the complexity factors in paragraph 17 of the Exposure Draft when a management expert is relied upon.  For example, management generally will hire an actuary to develop the pension liability estimate, as the estimate requires a complex model that involves specialized skills and knowledge.  Subject to the requirements of ISA 500, the auditor would rely on the results of the modelling after determining the competence and objectivity of the specialist, obtaining an understanding of the methods and assumptions utilized by the specialist, and making appropriate tests of the data provided to the specialist.  The auditor is not required to re-perform the modelling in order to rely on the expert. 

However, in the Exposure Draft it is unclear as to whether the auditor would be required to re-perform the model in order to be able to rely on management's expert.  For example, paragraph 17(e) indicates that the auditor shall obtain sufficient audit evidence about whether the calculations are mathematically accurate and appropriately applied.  Paragraph 17(e) and the related application material is not clear as to the impact of the auditor's evaluation of the competence and objectivity of company specialists if the auditor is always expected to test the mathematical accuracy and appropriateness of the model.  For example, a pension liability for which management engaged an outsider actuary as an expert.  An auditor would likely need to engage a third party expert (actuary) to develop a separate estimate or assist in evaluating the model used by management's expert, if it was provided.  This additional cost may outweigh the benefits based on a risk assessment process since paragraph 17(e) does not appear to consider the competency and objectivity of management's expert.  We believe further clarification is required in this area. 

Scalability

We are supportive of the Board's consideration of scalability in all audit requirements.  However, we believe that the scalability requirements should be driven based on the risk of material misstatement and the audit evidence needed to address the risk and not based on the size of the entity or audit firm.

We trust that our comments assist the IAASB in its standard setting activities. We shall be pleased to discuss our comments further with you.

Kind regards

David Chitty

International Accounting and Audit Director