A recent review by the Australian Securities and Investments Commission (ASIC) has uncovered significant shortcomings in auditor compliance with independence and conflict of interest obligations across firms of all sizes. The findings are detailed here [1] and will be of interest to the entire auditor population, but in particular, accounting and audit practices and professional accounting bodies.
Scope of the review
ASIC’s review covered 48 auditors and 19 audit firms, selected through a risk-based, data-driven approach from a pool of 2,900 auditors. Firms included major players such as Deloitte, Ernst & Young, KPMG, PwC, and mid-tier firms like BDO, Grant Thornton, William Buck, and Hall Chadwick.
The investigation formed part of ASIC’s expanded initiative to enhance financial reporting and audit quality. It plans to increase audit surveillances in 2025–26, with a focus on concerns surrounding independence.
ASIC’s investigation revealed that multiple auditors failed to meet basic independence standards, with some unable to critically assess threats to their objectivity. ASIC Commissioner Kate O’Rourke emphasised that auditor independence is essential to maintaining stakeholder trust and the integrity of financial reporting.
Key findings
ASIC found that many auditors, whether practising as individual auditors or from audit firms (of all sizes), were unable to effectively demonstrate how they complied with their prescriptive and general independence obligations or conflicts of interest obligations.
Almost one third were in likely breach of independence rules, including:
- 19 who failed to comply with mandatory audit rotation requirements.
- 5 who held prohibited relationships with clients, including one who was also a client officeholder.
None of the flagged auditors proactively reported their breaches to ASIC, despite prior reminders. Before ASIC commenced its review, it wrote to auditors and called on them to identify and report non-compliance with their independence and conflicts of interest obligations. Notwithstanding this, none of the auditors who appeared to breach the independence requirements proactively identified and reported this to ASIC before it started making its inquiries.
It is important to note that the audits selected by ASIC were flagged for being at a higher risk of non-compliance. It follows that the review does not provide a representative sample of the entire audit industry.
Regulatory action
As a result of the investigation ASIC has taken enforcement steps including:
- Cancellation of an auditor’s registration due to independence failures. Specifically, the auditor:
  - provided audit activities while being company secretary of the audited bodies, which constituted a prohibited relationship.
  - maintained a long association with the audit clients without adequate independence threat assessments and safeguards in place.
- A $78,250 infringement notice issued for providing a non-audit service which is not allowable under APES 110 Code of Ethics.
- Court enforceable undertakings for not meeting rotation requirements on multiple occasions, and for failures relating to systems of quality management.
Further inquiries into potential breaches are ongoing.
Risk management tips for accountants and auditors
To mitigate risks and ensure compliance with independence obligations, professionals in the audit sector should consider the following best practices:
- Strengthen independence assessments
  - Go beyond checklists: critically evaluate relationships and services for actual and perceived threats to independence.
  - Document rationale for independence decisions, especially in complex or borderline cases.
- Implement robust rotation tracking
  - Use automated systems to monitor audit tenure and flag upcoming rotation deadlines.
  - Ensure clear policies are in place for transitioning audit partners and teams.
- Avoid prohibited services
  - Maintain a clear separation between audit and non-audit services.
  - Establish internal review processes to vet service offerings before engagement.
- Enhance training and awareness
  - Provide regular training on ethical standards, independence rules, and ASIC expectations.
  - Include real-world scenarios to help staff identify subtle threats to independence.
- Foster a culture of transparency
  - Encourage proactive reporting of potential breaches or concerns.
  - Create safe channels for staff to raise independence issues without fear of reprisal.
- Conduct periodic internal reviews
  - Perform regular internal audits of independence compliance.
  - Benchmark practices against ASIC guidance and industry standards.
- Engage in continuous dialogue with clients
  - Clarify roles and boundaries early in the engagement.
  - Reassess relationships when client circumstances change (e.g., mergers, new officeholders).
In addition to the risk management initiatives discussed above, auditors should consider the adequacy of their insurance programme to respond to a breach notice, civil penalty, fine or regulatory action by ASIC.





