6 key threats to auditor independence

Keep an eye out for threats to independence that catch SMSF auditors out

If you think the issue of auditor independence is black and white, think again.

Related article: 6 MORE threats to auditor independence

Each year regulators pull unsuspecting self-managed super fund (SMSF) auditors up for failing to meet this key requirement, despite the fact they declared their independence when they signed off on the report.

“The second most common issue in terms of auditing standard breaches that we identify in our quality review program is independence breaches related to SMSFs,” says Amir Ghandar, former audit and assurance policy adviser at CPA Australia.

The penalties for breaching the independence clause can be potentially quite significant, adds Ghandar.

"These are focus areas for regulators, both the ATO and ASIC, and they're certainly focus areas for CPA Australia in our review processes."

Indeed, Matthew Bambrick, assistant commissioner for superannuation at the Australian Taxation Office (ATO), noted in a speech in October 2013 that both the Australian Securities and Investments Commission (ASIC) and the ATO would be increasing their focus on audit compliance monitoring, particularly in regards to independence.

"We’re working closely with ASIC on this and have already started working on cases where we’re concerned about the auditor’s compliance," says Bambrick.

Bambrick also noted that regulators were investigating the reasons behind a drop in the number of SMSFs reported by auditors to the ATO in fiscal year 2012/13. While Bambrick would like to think the reason was because of improvements in education among SMSF trustees, regulators are looking into all possibilities, including auditor independence.

Ghandar says to watch out for these six threats to SMSF auditor independence:

1. Self-review threat

These occur when the auditor has also prepared some of the accounting for the fund.

Ghandar says the vast majority of independence breaches are related to self-review threats. In large firms, this threat can be addressed by separating the accounting and auditing work between two distinct teams or partners that operate independently of each other.

However, Ghandar says it is very difficult for such distinctions to be made in a small firm because of the close relationship between staff and partners. Importantly, he says it is impossible for a sole practitioner to achieve independence.

2. Self-interest threat

This threat emerges when, for example, an auditor has only one client or one client represents a significant proportion of their business.

"Their independence is threatened because they'll be less likely to want to issue a qualified audit opinion or something that will cause an issue for the client because they're worried about losing the client," says Ghandar.

3. Multiple referrals threat

This arises when an auditor receives a large number of referrals from the one client, which can also be characterised as a self-interest threat.

"Issuing a qualified report could impact on that referral relationship and in turn impact on their business."

4. Ex-staff and partners threat

This happens when a staff member or partner leaves to start their own business and performs audits for their former employer.

"Just having those roles   accounting and audit   in separate practices doesn't necessarily mean it's independent,” notes Ghandar.

“You still have to look at all the other aspects of independence, particularly including the familiarity between the people in the accounting firm and the audit firm."

5. Advising threat

This threat occurs when an SMSF auditor also provides financial advice for the client.

"Our position is that it's very difficult to have an independent audit if the firm is also providing financial advice, so we recommend to stay well clear of that."

6. Relationships threat

Relationship threats are broad and generally cover anything that involves the auditor knowing the SMSF trustees, members, or accountant on a personal level.

"If you have a close family or business relationship with a trustee or member of the SMSF, you can't achieve independence in auditing that SMSF," says Ghandar.

Due to the family nature of SMSFs, it is an issue the ATO pays particularly close attention to.

How to deal with threats

If any of these threats occur, it doesn't necessarily mean an auditor can't complete the audit. Rather, safeguards must be put in place to eliminate the threat and these safeguards must be documented in the audit report. When doing so, it is important to note that a single circumstance may give rise to more than one threat and each threat must be addressed.

Related: Why ethics are fundamental to good accounting

"One of the issues we come across a lot is that people have considered independence and they probably could achieve independence according to the code, but they just haven't documented their thought process around it," says Ghandar.

Ghandar adds that auditors should use the framework provided in the APES 110 Code of Ethics for Professional Accountants as a template for documenting independence threats. That is:

1. Identify the threat
2. Evaluate the significance of that threat
3. Consider safeguards you can put in place to address the threat.


Auditors can use safeguards to eliminate threats. In the case of a multiple referrals threat, for example, Ghandar says the auditor can have an external reviewer look at certain files within the SMSF.

An external review may also make it possible for ex-staff and partners to safely work with former employees.

"It can be a real positive because they will know the business and have a good working relationship, but it is also making sure that independence has been fully considered and that the appropriate safeguards are in place," says Ghandar.

However, as each situation is unique, the code says auditors must use their professional judgement to determine if the safeguard is appropriate.

In some cases, the nature of the threat may be so significant that even a safeguard may be called into question by regulators.

"If after you've determined the significance of the threat and come up with the safeguards, if the answer is that you really can't achieve independence with the safeguards, you're not comfortable, then you would need to decline or resign from the engagement," says Ghandar.

Read next: 6 (more) threats to auditor independence


The best security available is a combination of password, multi-factor authentication and biometrics, such as fingerprint or facial recognition.

Everything you’ve been told about passwords is wrong

The role of the accountant is undergoing a significant shift and accounting jobs are shifting, too.

Should young accountants have to do basic accounting work?

3D Maps, previously called Power Maps, is now included in Office subscriptions.

The power in Excel mapping

Like what you're reading? Enter your email to receive the fortnightly INTHEBLACK e-newsletter.

Like what you're reading? Enter your email to receive the fortnightly INTHEBLACK e-newsletter.