ISA (NZ) 200

1. This International Standard on Auditing (New Zealand) (ISA (NZ)) deals with the independent auditor’s overall responsibilities when conducting an audit of financial statements in accordance with ISAs (NZ). Specifically, it sets out the overall objectives of the independent auditor, and explains the nature and scope of an audit designed to enable the independent auditor to meet those objectives. It also explains the scope, authority and structure of the ISAs (NZ), and includes requirements establishing the general responsibilities of the independent auditor applicable in all audits, including the obligation to comply with the ISAs (NZ). The independent auditor is referred to as “the auditor” hereafter.

2. ISAs (NZ) are written in the context of an audit of financial statements by an auditor. They are to be adapted as necessary in the circumstances when applied to audits of other historical financial information. ISAs (NZ) do not address the responsibilities of the auditor that may exist in legislation, regulation or otherwise in connection with, for example, the offering of securities to the public. Such responsibilities may differ from those established in the ISAs (NZ). Accordingly, while the auditor may find aspects of the ISAs (NZ) helpful in such circumstances, it is the responsibility of the auditor to ensure compliance with all relevant legal, regulatory or professional obligations.

3. The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. In the case of most general purpose frameworks, that opinion is on whether the financial statements are presented fairly, in all material respects, or give a true and fair view in accordance with the framework. An audit conducted in accordance with ISAs (NZ) and relevant ethical requirements enables the auditor to form that opinion. (Ref: Para. A1)

4. The financial statements subject to audit are those of the entity, prepared by management of the entity with oversight from those charged with governance. ISAs (NZ) do not impose responsibilities on management or those charged with governance and do not override laws and regulations that govern their responsibilities. However, an audit in accordance with ISAs (NZ) is conducted on the premise that management, and where appropriate, those charged with governance have acknowledged certain responsibilities that are fundamental to the conduct of the audit. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities. (Ref: Para. A2-A11)

NZ4.1 In New Zealand, those charged with governance generally have responsibility for ensuring an entity meets its legal obligations in relation to the preparation of the financial statements. In these cases the process of financial reporting is usually delegated to management, but the responsibility for such matters remains with those charged with governance. In applying this standard the auditor shall apply professional judgement, using knowledge of the legal requirements and corporate governance practices of New Zealand as well as the particular engagement circumstances, to determine whether the requirements of this standard apply to management or those charged with governance or both.

5. As the basis for the auditor’s opinion, ISAs (NZ) require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high level of assurance. It is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. However, reasonable assurance is not an absolute level of assurance, because there are inherent limitations of an audit which result in most of the audit evidence on which the auditor draws conclusions and bases the auditor’s opinion being persuasive rather than conclusive. (Ref: Para. NZA30.1-A54)

6. The concept of materiality is applied by the auditor both in planning and performing the audit, and in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements.¹ In general, misstatements, including omissions, are considered to be material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements. Judgements about materiality are made in the light of surrounding circumstances, and are affected by the auditor’s perception of the financial information needs of users of the financial statements, and by the size or nature of a misstatement, or a combination of both. The auditor’s opinion deals with the financial statements as a whole and therefore the auditor is not responsible for the detection of misstatements that are not material to the financial statements as a whole.

7. The ISAs (NZ) contain objectives, requirements and application and other explanatory material that are designed to support the auditor in obtaining reasonable assurance. The ISAs (NZ) require that the auditor exercise professional judgement and maintain professional scepticism throughout the planning and performance of the audit and, among other things:

• Identify and assess risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, the applicable financial reporting framework and the entity’s system of internal control.

• Obtain sufficient appropriate audit evidence about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks.

• Form an opinion on the financial statements based on conclusions drawn from the audit evidence obtained.

8. The form of opinion expressed by the auditor will depend upon the applicable financial reporting framework and any applicable law or regulation. (Ref: Para. A12-A13)

9. The auditor may also have certain other communication and reporting responsibilities to users, management, those charged with governance, or parties outside the entity, in relation to matters arising from the audit. These may be established by the ISAs (NZ) or by applicable law or regulation.²

10. This ISA (NZ) is effective for audits of financial statements for periods beginning on or after 1 September, 2011. [Note: For the effective dates of paragraphs changed or added by an Amending Standard see the History of Amendments].

11. In conducting an audit of financial statements, the overall objectives of the auditor are:

1. To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and

2. To report on the financial statements, and communicate as required by the ISAs (NZ), in accordance with the auditor’s findings.

12. In all cases when reasonable assurance cannot be obtained and a qualified opinion in the auditor’s report is insufficient in the circumstances for purposes of reporting to the intended users of the financial statements, the ISAs (NZ) require that the auditor disclaim an opinion or withdraw (or resign)³ from the engagement, where withdrawal is possible under applicable law or regulation.

13. For purposes of the ISAs (NZ), the following terms have the meanings attributed below:

NZ13.1 FMC reporting entity considered to have a higher level of public accountability⁴ – A FMC reporting entity or a class of FMC reporting entity that is considered to have a higher level of public accountability than other FMC reporting entities:

• under section 461K of the Financial Markets Conduct Act 2013; or

• by notice issued by the Financial Markets Authority (FMA) under section 461L(1)(1) of the Financial Markets Conduct Act 2013.

14. The auditor shall comply with relevant ethical requirements, including those related to independence, relating to financial statement audit engagements. (Ref: Para. A17-A20)

15. The auditor shall plan and perform an audit with professional scepticism recognising that circumstances may exist that cause the financial statements to be materially misstated. (Ref: Para. A21-A25)

16. The auditor shall exercise professional judgement in planning and performing an audit of financial statements. (Ref: Para. A26-A30)

17. To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion. (Ref: Para. NZA31.1-A57)

18. The auditor shall comply with all ISAs (NZ) relevant to the audit. An ISA (NZ) is relevant to the audit when the ISA (NZ) is in effect and the circumstances addressed by the ISA (NZ) exist. (Ref: Para. A58-A62)

19. The auditor shall have an understanding of the entire text of an ISA (NZ), including its application and other explanatory material, to understand its objectives and to apply its requirements properly. (Ref: Para. A63-A73)

20. The auditor shall not represent compliance with ISAs (NZ) or ISAs⁵ in the auditor’s report unless the auditor has complied with the requirements of this ISA (NZ) and all other ISAs (NZ) relevant to the audit.

21. To achieve the overall objectives of the auditor, the auditor shall use the objectives stated in relevant ISAs (NZ) in planning and performing the audit, having regard to the interrelationships among the ISAs (NZ), to: (Ref: Para. A74-A76)

1. Determine whether any audit procedures in addition to those required by the ISAs (NZ) are necessary in pursuance of the objectives stated in the ISAs (NZ); and (Ref: Para. A77)

2. Evaluate whether sufficient appropriate audit evidence has been obtained. (Ref: Para. A78)

22. Subject to paragraph 23, the auditor shall comply with each requirement of an ISA (NZ) unless, in the circumstances of the audit:

1. The entire ISA (NZ) is not relevant; or

2. The requirement is not relevant because it is conditional and the condition does not exist. (Ref: Para. A79-A80)

23. In exceptional circumstances, the auditor may judge it necessary to depart from a relevant requirement in an ISA (NZ). In such circumstances, the auditor shall perform alternative audit procedures to achieve the aim of that requirement. The need for the auditor to depart from a relevant requirement is expected to arise only where the requirement is for a specific procedure to be performed and, in the specific circumstances of the audit, that procedure would be ineffective in achieving the aim of the requirement. (Ref: Para. A81)

24. If an objective in a relevant ISA (NZ) cannot be achieved, the auditor shall evaluate whether this prevents the auditor from achieving the overall objectives of the auditor and thereby requires the auditor, in accordance with the ISAs (NZ), to modify the auditor’s opinion or withdraw from the engagement (where withdrawal is possible under applicable law or regulation). Failure to achieve an objective represents a significant matter requiring documentation in accordance with ISA (NZ) 230. ⁶ (Ref: Para. A82-A83)

A1. The auditor’s opinion on the financial statements deals with whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. Such an opinion is common to all audits of financial statements. The auditor’s opinion therefore does not assure, for example, the future viability of the entity nor the efficiency or effectiveness with which management has conducted the affairs of the entity. In some jurisdictions, however, applicable law or regulation may require auditors to provide opinions on other specific matters, such as the effectiveness of internal control, or the consistency of a separate management report with the financial statements. While the ISAs (NZ) include requirements and guidance in relation to such matters to the extent that they are relevant to forming an opinion on the financial statements, the auditor would be required to undertake further work if the auditor had additional responsibilities to provide such opinions.

A2. Law or regulation may establish the responsibilities of management and, where appropriate, those charged with governance in relation to financial reporting. However, the extent of these responsibilities, or the way in which they are described, may differ across jurisdictions. Despite these differences, an audit in accordance with ISAs (NZ) is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged and understand that they have responsibility:

1. For the preparation of the financial statements in accordance with the applicable financial reporting framework, including where relevant their fair presentation;

2. For such internal control as management and, where appropriate, those charged with governance determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error; and

3. To provide the auditor with:

   1. Access to all information of which management and, where appropriate, those charged with governance are aware that is relevant to the preparation of the financial statements such as records, documentation and other matters;

   2. Additional information that the auditor may request from management and, where appropriate, those charged with governance for the purpose of the audit; and

   3. Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence.

A3. The preparation of the financial statements by management and, where appropriate, those charged with governance requires:

• The identification of the applicable financial reporting framework, in the context of any relevant laws or regulations.

• The preparation of the financial statements in accordance with that framework.

• The inclusion of an adequate description of that framework in the financial statements.

The preparation of the financial statements requires management to exercise judgement in making accounting estimates that are reasonable in the circumstances, as well as to select and apply appropriate accounting policies. These judgements are made in the context of the applicable financial reporting framework.

A4. The financial statements may be prepared in accordance with a financial reporting framework designed to meet:

• The common financial information needs of a wide range of users (that is, “general purpose financial statements”); or

• The financial information needs of specific users (that is, “special purpose financial statements”).

A5. The applicable financial reporting framework often encompasses financial reporting standards established by an authorised or recognised standards setting organisation, or legislative or regulatory requirements. In some cases, the financial reporting framework may encompass both financial reporting standards established by an authorised or recognised standards setting organisation and legislative or regulatory requirements. Other sources may provide direction on the application of the applicable financial reporting framework. In some cases, the applicable financial reporting framework may encompass such other sources, or may even consist only of such sources. Such other sources may include: 

• The legal and ethical environment, including statutes, regulations, court decisions, and professional ethical obligations in relation to accounting matters;

• Published accounting interpretations of varying authority issued by standards setting, professional or regulatory organisations;

• Published views of varying authority on emerging accounting issues issued by standards setting, professional or regulatory organisations;

• General and industry practices widely recognised and prevalent; and

• Accounting literature.

Where conflicts exist between the financial reporting framework and the sources from which direction on its application may be obtained, or among the sources that encompass the financial reporting framework, the source with the highest authority prevails.

A6. The requirements of the applicable financial reporting framework determine the form and content of the financial statements. Although the framework may not specify how to account for or disclose all transactions or events, it ordinarily embodies sufficient broad principles that can serve as a basis for developing and applying accounting policies that are consistent with the concepts underlying the requirements of the framework.

A7. Some financial reporting frameworks are fair presentation frameworks, while others are compliance frameworks. Financial reporting frameworks that encompass primarily the financial reporting standards established by an organisation that is authorised or recognised to promulgate standards to be used by entities for preparing general purpose financial statements are often designed to achieve fair presentation, for example, International Financial Reporting Standards (IFRSs) issued by the International Accounting Standards Board (IASB).

NZA7.1 Examples of financial reporting requirements that are designed to achieve fair presentation in New Zealand include:

• New Zealand equivalents to International Financial Reporting Standards (NZ IFRS);

• New Zealand equivalents to International Financial Reporting Standards Reduced Disclosure Regime (NZ IFRS RDR);

• Public Benefit Entity Standards (PBE Standards);

• Public Benefit Entity Standards Reduced Disclosure Regime (PBE Standards RDR);

• Reporting Requirements for Tier 3 Public Sector Entities (Tier 3 (PS) Standard);

• Reporting Requirements for Tier 3 Not-for-Profit Entities (Tier 3 (NFP) Standard).

NZA7.2 Examples of financial reporting requirements that only require compliance with the requirements (compliance frameworks) in New Zealand include:

• Reporting Requirements for Tier 4 Public Sector Entities (Tier 4 (PS) Standard);

• Reporting Requirements for Tier 4 Not-for-Profit Entities (Tier 4 (NFP) Standard).

A8. The requirements of the applicable financial reporting framework also determine what constitutes a complete set of financial statements. In the case of many frameworks, financial statements are intended to provide information about the financial position, financial performance and cash flows of an entity. For such frameworks, a complete set of financial statements would include a balance sheet; an income statement; a statement of changes in equity; a cash flow statement; and related notes. For some other financial reporting frameworks, a single financial statement and the related notes might constitute a complete set of financial statements.

Examples of a single financial statement, each of which would include related notes, are:

• Balance sheet.

• Statement of income or statement of operations.

• Statement of retained earnings.

• Statement of cash flows.

• Statement of assets and liabilities that does not include owner’s equity.

• Statement of changes in owner’s equity.

• Statement of revenue and expenses.

• Statement of operations by product lines.

NZA8.1

• Statement of financial position.

• Statement of comprehensive income.

• Statement of recognised income and expense.

A9. ISA (NZ) 210 establishes requirements and provides guidance on determining the acceptability of the applicable financial reporting framework.⁷ ISA (NZ) 800 deals with special considerations when financial statements are prepared in accordance with a special purpose framework.⁸

A10. Because of the significance of the premise to the conduct of an audit, the auditor is required to obtain the agreement of management and, where appropriate, those charged with governance that they acknowledge and understand that they have the responsibilities set out in paragraph A2as a precondition for accepting the audit engagement. ⁹

A11. The mandates for audits of the financial statements of public sector entities may be broader than those of other entities. As a result, the premise, relating to management’s responsibilities, on which an audit of the financial statements of a public sector entity is conducted may include additional responsibilities, such as the responsibility for the execution of transactions and events in accordance with law, regulation or other authority.¹⁰

A12. The opinion expressed by the auditor is on whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. The form of the auditor’s opinion, however, will depend upon the applicable financial reporting framework and any applicable law or regulation. Most financial reporting frameworks include requirements relating to the presentation of the financial statements; for such frameworks, preparation of the financial statements in accordance with the applicable financial reporting framework includes presentation.

A13. Where the financial reporting framework is a fair presentation framework, as is generally the case for general purpose financial statements, the opinion required by the ISAs (NZ) is on whether the financial statements are presented fairly, in all material respects, or give a true and fair view. Where the financial reporting framework is a compliance framework, the opinion required is on whether the financial statements are prepared, in all material respects, in accordance with the framework. Unless specifically stated otherwise, references in the ISAs (NZ) to the auditor’s opinion cover both forms of opinion.

A14. Some financial reporting frameworks may refer to an entity’s economic resources or obligations in other terms. For example, these may be referred to as the entity’s assets and liabilities, and the residual difference between them may be referred to as equity or equity interests.

A15. Explanatory or descriptive information required to be included in the financial statements by the applicable financial reporting framework may be incorporated therein by cross- reference to information in another document, such a management report or a risk report. “Incorporated therein by cross-reference” means cross-referenced from the financial statements to the other document, but not from the other document to the financial statements. Where the applicable financial reporting framework does not expressly prohibit the cross-referencing of where explanatory or descriptive information may be found, and the information has been appropriately cross-referenced, the information will form part of the financial statements.

A16. For the purposes of the ISAs (NZ), a risk of material misstatement exists when there is a reasonable possibility of:

1. A misstatement occurring (i.e., its likelihood); and

2. Being material if it were to occur (i.e., its magnitude).

A17. The auditor is subject to relevant ethical requirements, including those related to independence, relating to financial statement audit engagements. Relevant ethical requirements ordinarily comprise the provisions of Professional and Ethical Standard 1¹¹ related to an audit of financial statements.

A18. Professional and Ethical Standard 1 establishes the fundamental principles of ethics, which are:

1. Integrity;

2. Objectivity;

3. Professional competence and due care;

4. Confidentiality; and

5. Professional Behaviour.

The fundamental principles of ethics establish the standard of behaviour expected of an assurance practitioner.

Professional and Ethical Standard 1 provides a conceptual framework that establishes the approach which an assurance practitioner is required to apply when identifying, evaluating and addressing threats to compliance with the fundamental principles. In the case of audits, reviews and other assurance engagements, Professional and Ethical Standard 1 sets out International Independence Standards (New Zealand) established by the application of the conceptual framework to threats to independence in relation to those engagements.

A19. In the case of an audit engagement it is in the public interest and, therefore, required by Professional and Ethical Standard 1, that the auditor be independent of the entity subject to the audit. Professional and Ethical Standard 1 describes independence as comprising both independence of mind and independence in appearance. The auditor’s independence from the entity safeguards the auditor’s ability to form an audit opinion without being affected by influences that might compromise that opinion. Independence enhances the auditor’s ability to act with integrity, to be objective and to maintain an attitude of professional scepticism.

A20. Professional and Ethical Standard 3,¹² deals with the firm’s responsibilities to design, implement and operate a system of quality management that provides the firm with reasonable assurance that the firm and its personnel fulfill their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements. As part of its system of quality management, Professional and Ethical Standard 3 requires the firm to establish quality objectives that address the fulfillment of responsibilities in accordance with relevant ethical requirements, including those related to independence.¹³ ISA (NZ) 220 (Revised) sets out the engagement partner’s responsibilities with respect to relevant ethical requirements, including those related to independence¹⁴. ISA (NZ) 220 (Revised) also describes when the engagement team may depend on the firm’s policies and procedures in managing and achieving quality at the engagement level.¹⁵

A21. Professional scepticism includes being alert to, for example:

• Audit evidence that contradicts other audit evidence obtained.

• Information that brings into question the reliability of documents and responses to enquiries to be used as audit evidence.

• Conditions that may indicate possible fraud.

• Circumstances that suggest the need for audit procedures in addition to those required by the ISAs (NZ).

A22. Maintaining professional scepticism throughout the audit is necessary if the auditor is, for example, to reduce the risks of:

• Overlooking unusual circumstances.

• Over generalising when drawing conclusions from audit observations.

• Using inappropriate assumptions in determining the nature, timing, and extent of the audit procedures and evaluating the results thereof.

A23. Professional scepticism is necessary to the critical assessment of audit evidence. This includes questioning contradictory audit evidence and the reliability of documents and responses to enquiries and other information obtained from management and those charged with governance. It also includes consideration of the sufficiency and appropriateness of audit evidence obtained in the light of the circumstances, for example in the case where fraud risk factors exist and a single document, of a nature that is susceptible to fraud, is the sole supporting evidence for a material financial statement amount.

A24. The auditor may accept records and documents as genuine unless the auditor has reason to believe the contrary. Nevertheless, the auditor is required to consider the reliability of information to be used as audit evidence.¹⁶ In cases of doubt about the reliability of information or indications of possible fraud (for example, if conditions identified during the audit cause the auditor to believe that a document may not be authentic or that terms in a document may have been falsified), the ISAs (NZ) require that the auditor investigate further and determine what modifications or additions to audit procedures are necessary to resolve the matter.¹⁷

A25. The auditor cannot be expected to disregard past experience of the honesty and integrity of the entity’s management and those charged with governance. Nevertheless, a belief that management and those charged with governance are honest and have integrity does not relieve the auditor of the need to maintain professional scepticism or allow the auditor to be satisfied with less-than-persuasive audit evidence when obtaining reasonable assurance.

A26. Professional judgement is essential to the proper conduct of an audit. This is because interpretation of relevant ethical requirements and the ISAs (NZ) and the informed decisions required throughout the audit cannot be made without the application of relevant knowledge and experience to the facts and circumstances. Professional judgement is necessary in particular regarding decisions about:

• Materiality and audit risk.

• The nature, timing, and extent of audit procedures used to meet the requirements of the ISAs (NZ) and gather audit evidence.

• Evaluating whether sufficient appropriate audit evidence has been obtained, and whether more needs to be done to achieve the objectives of the ISAs (NZ) and thereby, the overall objectives of the auditor.

• The evaluation of management’s judgements in applying the entity’s applicable financial reporting framework.

• The drawing of conclusions based on the audit evidence obtained, for example, assessing the reasonableness of the estimates made by management in preparing the financial statements.

A27. The distinguishing feature of the professional judgement expected of an auditor is that it is exercised by an auditor whose training, knowledge and experience have assisted in developing the necessary competencies to achieve reasonable judgements.

A28. The exercise of professional judgement in any particular case is based on the facts and circumstances that are known by the auditor. Consultation on difficult or contentious matters during the course of the audit, both within the engagement team and between the engagement team and others at the appropriate level within or outside the firm, such as that required by ISA (NZ) 220 (Revised),¹⁸ assist the auditor in making informed and reasonable judgements.

A29. Professional judgement can be evaluated based on whether the judgement reached reflects a competent application of auditing and accounting principles and is appropriate in the light of, and consistent with, the facts and circumstances that were known to the auditor up to the date of the auditor’s report.

A30. Professional judgement needs to be exercised throughout the audit. It also needs to be appropriately documented. In this regard, the auditor is required to prepare audit documentation sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the significant professional judgements made in reaching conclusions on significant matters arising during the audit.¹⁹ Professional judgement is not to be used as the justification for decisions that are not otherwise supported by the facts and circumstances of the engagement or sufficient appropriate audit evidence.

A31. [Amended by the NZAuASB].

NZA31.1 Audit evidence is necessary to support the auditor’s opinion and report. It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. It may, however, also include information obtained from other sources such as previous audits (provided the auditor has determined whether changes have occurred since the previous audit that may affect its relevance to the current audit²⁰) or through the information obtained by the firm in the acceptance or continuance of the client relationship or engagement. In addition to other sources inside and outside the entity, the entity’s accounting records are an important source of audit evidence. Also, information that may be used as audit evidence may have been prepared by an expert employed or engaged by the entity. Audit evidence comprises both information that supports and corroborates management’s assertions, and any information that contradicts such assertions. In addition, in some cases, the absence of information (for example, the refusal of those charged with governance to provide a requested representation) is used by the auditor, and therefore, also constitutes audit evidence. Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit evidence.

A32. The sufficiency and appropriateness of audit evidence are interrelated. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the quality, the less may be required). Obtaining more audit evidence, however, may not compensate for its poor quality.

A33. Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained.

A34. Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter of professional judgement. ISA (NZ) 500 and other relevant ISAs (NZ) establish additional requirements and provide further guidance applicable throughout the audit regarding the auditor’s considerations in obtaining sufficient appropriate audit evidence.

A35. Audit risk is a function of the risks of material misstatement and detection risk. The assessment of risks is based on audit procedures to obtain information necessary for that purpose and evidence obtained throughout the audit. The assessment of risks is a matter of professional judgement, rather than a matter capable of precise measurement.

A36. For purposes of the ISAs (NZ), audit risk does not include the risk that the auditor might express an opinion that the financial statements are materially misstated when they are not. This risk is ordinarily insignificant. Further, audit risk is a technical term related to the process of auditing; it does not refer to the auditor’s business risks such as loss from litigation, adverse publicity, or other events arising in connection with the audit of financial statements.

A37. The risks of material misstatement may exist at two levels:

• The overall financial statement level; and

• The assertion level for classes of transactions, account balances, and disclosures.

A38. Risks of material misstatement at the overall financial statement level refer to risks of material misstatement that relate pervasively to the financial statements as a whole and potentially affect many assertions.

A39. Risks of material misstatement at the assertion level are assessed in order to determine the nature, timing, and extent of further audit procedures necessary to obtain sufficient appropriate audit evidence. This evidence enables the auditor to express an opinion on the financial statements at an acceptably low level of audit risk. Auditors use various approaches to accomplish the objective of assessing the risks of material misstatement. For example, the auditor may make use of a model that expresses the general relationship of the components of audit risk in mathematical terms to arrive at an acceptable level of detection risk. Some auditors find such a model to be useful when planning audit procedures.

A40. The risks of material misstatement at the assertion level consist of two components: inherent risk and control risk. Inherent risk and control risk are the entity’s risks; they exist independently of the audit of the financial statements.

A41. Inherent risk influenced by inherent risk factors. Depending on the degree to which the inherent risk factors affect the susceptibility to misstatement of an assertion, the level of inherent risk varies on a scale that is referred to as the spectrum of inherent risk. The auditor determines significant classes of transactions, account balances and disclosures, and their relevant assertions, as part of the process of identifying and assessing the risks of material misstatement. For example, account balances consisting of amounts derived from accounting estimates that are subject to significant estimation uncertainty may be identified as significant account balances, and the auditor’s assessment of inherent risk for the related risks at the assertion level may be higher because of the high estimation uncertainty.

A42. External circumstances giving rise to business risks may also influence inherent risk. For example, technological developments might make a particular product obsolete, thereby causing inventory to be more susceptible to overstatement. Factors in the entity and its environment that relate to several or all of the classes of transactions, account balances, or disclosures may also influence the inherent risk related to a specific assertion. Such factors may include, for example, a lack of sufficient working capital to continue operations or a declining industry characterised by a large number of business failures.

A43. Control risk is a function of the effectiveness of the design, implementation and maintenance of controls by management to address identified risks that threaten the achievement of the entity’s objectives relevant to preparation of the entity’s financial statements. However, internal control, no matter how well designed and operated, can only reduce, but not eliminate, risks of material misstatement in the financial statements, because of the inherent limitations of controls. These include, for example, the possibility of human errors or mistakes, or of controls being circumvented by collusion or inappropriate management override. Accordingly, some control risk will always exist. The ISAs (NZ) provide the conditions under which the auditor is required to, or may choose to, test the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures to be performed.²¹

A44. The assessment of the risks of material misstatement may be expressed in quantitative terms, such as in percentages, or in non-quantitative terms. In any case, the need for the auditor to make appropriate risk assessments is more important than the different approaches by which they may be made. The ISAs (NZ) typically refer to the “risks of material misstatement” rather than to inherent risk and control risk separately. However, ISA (NZ) 315 (Revised 2019)²² requires inherent risk to be assessed separately from control risk to provide basis for designing and performing further audit procedures to respond to the assessed risks of material misstatement at the assertion level, in accordance with ISA (NZ) 330.

A45. ISA (NZ) 315 (Revised 2019) establishes requirements and provides guidance on identifying and assessing the risks of material misstatement at the financial statement and assertion levels.

A46. Risks of material misstatement are assessed at the assertion level in order to determine the nature, timing and extent of further audit procedures necessary to obtain sufficient appropriate audit evidence.²³

A47. For a given level of audit risk, the acceptable level of detection risk bears an inverse relationship to the assessed risks of material misstatement at the assertion level. For example, the greater the risks of material misstatement the auditor believes exists, the less the detection risk that can be accepted and, accordingly, the more persuasive the audit evidence required by the auditor.

A48. Detection risk relates to the nature, timing, and extent of the auditor’s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. It is therefore a function of the effectiveness of an audit procedure and of its application by the auditor. Matters such as:

A49. ISA (NZ) 300 ²⁴ and ISA (NZ) 330 establish requirements and provide guidance on planning an audit of financial statements and the auditor’s responses to assessed risks. Detection risk, however, can only be reduced, not eliminated, because of the inherent limitations of an audit. Accordingly, some detection risk will always exist.

A50. The auditor is not expected to, and cannot, reduce audit risk to zero and cannot therefore obtain absolute assurance that the financial statements are free from material misstatement due to fraud or error. This is because there are inherent limitations of an audit, which result in most of the audit evidence on which the auditor draws conclusions and bases the auditor’s opinion being persuasive rather than conclusive. The inherent limitations of an audit arise from:

• The nature of financial reporting;

• The nature of audit procedures; and

• The need for the audit to be conducted within a reasonable period of time and at a reasonable cost.

A51. The preparation of financial statements involves judgement by management in applying the requirements of the entity’s applicable financial reporting framework to the facts and circumstances of the entity. In addition, many financial statement items involve subjective decisions or assessments or a degree of uncertainty, and there may be a range of acceptable interpretations or judgements that may be made. Consequently, some financial statement items are subject to an inherent level of variability which cannot be eliminated by the application of additional auditing procedures. For example, this is often the case with respect to certain accounting estimates. Nevertheless, the ISAs (NZ) require the auditor to give specific consideration to whether accounting estimates are reasonable in the context of the applicable financial reporting framework and related disclosures, and to the qualitative aspects of the entity’s accounting practices, including indicators of possible bias in management’s judgements.²⁵

A52. There are practical and legal limitations on the auditor’s ability to obtain audit evidence.

For example:

• There is the possibility that management or others may not provide, intentionally or unintentionally, the complete information that is relevant to the preparation of the financial statements or that has been requested by the auditor. Accordingly, the auditor cannot be certain of the completeness of information, even though the auditor has performed audit procedures to obtain assurance that all relevant information has been obtained.

• Fraud may involve sophisticated and carefully organised schemes designed to conceal it. Therefore, audit procedures used to gather audit evidence may be ineffective for detecting an intentional misstatement that involves, for example, collusion to falsify documentation which may cause the auditor to believe that audit evidence is valid when it is not. The auditor is neither trained as nor expected to be an expert in the authentication of documents.

• An audit is not an official investigation into alleged wrongdoing. Accordingly, the auditor is not given specific legal powers, such as the power of search, which may be necessary for such an investigation.

A53. The matter of difficulty, time, or cost involved is not in itself a valid basis for the auditor to omit an audit procedure for which there is no alternative or to be satisfied with audit evidence that is less than persuasive. Appropriate planning assists in making sufficient time and resources available for the conduct of the audit. Notwithstanding this, the relevance of information, and thereby its value, tends to diminish over time, and there is a balance to be struck between the reliability of information and its cost. This is recognised in certain financial reporting frameworks (see, for example, the New Zealand Equivalent to the IASB’s Conceptual Framework for Financial Reporting). Therefore, there is an expectation by users of financial statements that the auditor will form an opinion on the financial statements within a reasonable period of time and at a reasonable cost, recognising that it is impracticable to address all information that may exist or to pursue every matter exhaustively on the assumption that information is in error or fraudulent until proved otherwise.

A54. Consequently, it is necessary for the auditor to:

• Plan the audit so that it will be performed in an effective manner;

• Direct audit effort to areas most expected to contain risks of material misstatement, whether due to fraud or error, with correspondingly less effort directed at other areas; and

• Use testing and other means of examining populations for misstatements.

A55. In light of the approaches described in paragraph A54, the ISAs (NZ) contain requirements for the planning and performance of the audit and require the auditor, among other things, to:

• Have a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels by performing risk assessment procedures and related activities; 26 and

• Use testing and other means of examining populations in a manner that provides a reasonable basis for the auditor to draw conclusions about the population.²⁷

A56. In the case of certain assertions or subject matters, the potential effects of the inherent limitations on the auditor’s ability to detect material misstatements are particularly significant. Such assertions or subject matters include:

• Fraud, particularly fraud involving senior management or collusion. See ISA (NZ) 240 for further discussion.

• The existence and completeness of related party relationships and transactions. See ISA (NZ) 550 ²⁸ for further discussion.

• The occurrence of non-compliance with laws and regulations. See ISA (NZ) 250 (Revised) ²⁹ for further discussion.

• Future events or conditions that may cause an entity to cease to continue as a going concern. See ISA 570 ³⁰ for further discussion.

Relevant ISAs (NZ) identify specific audit procedures to assist in mitigating the effect of the inherent limitations.

A57. Because of the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with ISAs (NZ). Accordingly, the subsequent discovery of a material misstatement of the financial statements resulting from fraud or error does not by itself indicate a failure to conduct an audit in accordance with ISAs (NZ). However, the inherent limitations of an audit are not a justification for the auditor to be satisfied with less-than-persuasive audit evidence. Whether the auditor has performed an audit in accordance with ISAs (NZ) is determined by the audit procedures performed in the circumstances, the sufficiency and appropriateness of the audit evidence obtained as a result thereof and the suitability of the auditor’s report based on an evaluation of that evidence in light of the overall objectives of the auditor.

A58. The ISAs (NZ), taken together, provide the standards for the auditor’s work in fulfilling the overall objectives of the auditor. The ISAs (NZ) deal with the general responsibilities of the auditor, as well as the auditor’s further considerations relevant to the application of those responsibilities to specific topics.

A59. The scope, effective date and any specific limitation of the applicability of a specific ISA (NZ) is made clear in the ISA (NZ). Unless otherwise stated in the ISA (NZ), the auditor is permitted to apply an ISA (NZ) before the effective date specified therein.

A60. In performing an audit, the auditor may be required to comply with legal or regulatory requirements in addition to the ISAs (NZ). The ISAs (NZ) do not override law or regulation that governs an audit of financial statements. In the event that such law or regulation differs from the ISAs (NZ), an audit conducted only in accordance with law or regulation will not automatically comply with ISAs (NZ).

A61. The auditor may also conduct the audit in accordance with both ISAs and auditing standards of a specific jurisdiction or country. In such cases, in addition to complying with each of the ISAs relevant to the audit, it may be necessary for the auditor to perform additional audit procedures in order to comply with the relevant standards of that jurisdiction or country.

A62. The ISAs (NZ) are relevant to engagements in the public sector. The public sector auditor’s responsibilities, however, may be affected by the audit mandate which may encompass a broader scope than an audit of financial statements in accordance with the ISAs (NZ). These additional responsibilities are not dealt with in the ISAs (NZ). They may be dealt with in the Auditor-General’s Auditing Standards or in other guidance developed by the Auditor-General.

A63. In addition to objectives and requirements (requirements are expressed in the ISAs (NZ) using “shall”), an ISA (NZ) contains related guidance in the form of application and other explanatory material. It may also contain introductory material that provides context relevant to a proper understanding of the ISA (NZ), and definitions. The entire text of an ISA (NZ), therefore, is relevant to an understanding of the objectives stated in an ISA (NZ) and the proper application of the requirements of an ISA (NZ).

A64. Where necessary, the application and other explanatory material provides further explanation of the requirements of an ISA (NZ) and guidance for carrying them out. In particular, it may:

• Explain more precisely what a requirement means or is intended to cover, including in some ISAs (NZ) such as ISA (NZ) 315 (Revised 2019), why a procedure is required.
• Include examples of procedures that may be appropriate in the circumstances. In some ISAs (NZ), such as ISA (NZ) 315 (Revised 2019), examples are presented in boxes.

While such guidance does not in itself impose a requirement, it is relevant to the proper application of the requirements of an ISA (NZ). The application and other explanatory material may also provide background information on matters addressed in an ISA (NZ).

A65. Appendices form part of the application and other explanatory material. The purpose and intended use of an appendix are explained in the body of the related ISA (NZ) or within the title and introduction of the appendix itself.

A66. Introductory material may include, as needed, such matters as explanation of:

• The purpose and scope of the ISA (NZ), including how the ISA (NZ) relates to other ISAs (NZ).

• The subject matter of the ISA (NZ).

• The respective responsibilities of the auditor and others in relation to the subject matter of the ISA (NZ).

• The context in which the ISA (NZ) is set.

A67. An ISA (NZ) may include, in a separate section under the heading ‘Definitions’, a description of the meanings attributed to certain terms for purposes of the ISAs (NZ). These are provided to assist in the consistent application and interpretation of the ISAs (NZ), and are not intended to override definitions that may be established for other purposes, whether in law, regulation or otherwise. Unless otherwise indicated, those terms will carry the same meanings throughout the ISAs (NZ). The Glossary of Terms issued by the New Zealand Auditing and Assurance Standards Board contains a complete listing of terms defined in the ISAs (NZ). It also includes descriptions of other terms found in the ISAs (NZ) to assist in common and consistent interpretation.

A68. When appropriate, additional considerations specific to audits of smaller entities and public sector entities are included within the application and other explanatory material of an ISA (NZ). These additional considerations assist in the application of the requirements of the ISA (NZ) in the audit of such entities. They do not, however, limit or reduce the responsibility of the auditor to apply and comply with the requirements of the ISAs (NZ).

A69. Scalability considerations have been included in some ISAs (NZ) (e.g., ISA (NZ) 315 (Revised 2019)), illustrating the application of the requirements to all entities regardless of whether their nature and circumstances are less complex or more complex. Less complex entities are entities for which the characteristics in paragraph A66 may apply.

A70. The “considerations specific to smaller entities” included in some ISAs (NZ) have been developed primarily with entities that are not FMC reporting entities considered to have a higher level of public accountability in mind. Some of the considerations, however, may be helpful in audits of smaller FMC reporting entities considered to have a higher level of public accountability.

A71. For purposes of specifying additional considerations to audits of smaller entities, a “smaller entity” refers to an entity which typically possesses qualitative characteristics such as:

1. Concentration of ownership and management in a small number of individuals (often a single individual – either a natural person or another enterprise that owns the entity provided the owner exhibits the relevant qualitative characteristics); and

2. One or more of the following:

   1. Straightforward or uncomplicated transactions;

   2. Simple record-keeping;

   3. Few lines of business and few products within business lines;

   4. Simpler systems of internal controls;

   5. Few levels of management with responsibility for a broad range of controls; or

   6. Few personnel, many having a wide range of duties.

These qualitative characteristics are not exhaustive, they are not exclusive to smaller entities, and smaller entities do not necessarily display all of these characteristics.

A72. The considerations specific to “automated tools and techniques” included in some ISAs (for example, ISA (NZ) 315 (Revised 2019)) have been developed to explain how the auditor may apply certain requirements when using automated tools and techniques in performing audit procedures.

A73. The ISAs (NZ) refer to the proprietor of a smaller entity who is involved in running the entity on a day-to-day basis as the “owner-manager.”

A74. Each ISA (NZ) contains one or more objectives which provide a link between the requirements and the overall objectives of the auditor. The objectives in individual ISAs (NZ) serve to focus the auditor on the desired outcome of the ISA (NZ), while being specific enough to assist the auditor in:

• Understanding what needs to be accomplished and, where necessary, the appropriate means of doing so; and

• Deciding whether more needs to be done to achieve them in the particular circumstances of the audit.

A75. Objectives are to be understood in the context of the overall objectives of the auditor stated in paragraph 11 of this ISA (NZ). As with the overall objectives of the auditor, the ability to achieve an individual objective is equally subject to the inherent limitations of an audit.

A76. In using the objectives, the auditor is required to have regard to the interrelationships among the ISAs (NZ). This is because, as indicated in paragraph A55, the ISAs (NZ) deal in some cases with general responsibilities and in others with the application of those responsibilities to specific topics. For example, this ISA (NZ) requires the auditor to adopt an attitude of professional scepticism; this is necessary in all aspects of planning and performing an audit but is not repeated as a requirement of each ISA (NZ). At a more detailed level, ISA (NZ) 315 (Revised 2019) and ISA (NZ) 330 contain, among other things, objectives and requirements that deal with the auditor’s responsibilities to identify and assess the risks of material misstatement and to design and perform further audit procedures to respond to those assessed risks, respectively; these objectives and requirements apply throughout the audit. An ISA (NZ) dealing with specific aspects of the audit (for example, ISA (NZ) 540 (Revised)) may expand on how the objectives and requirements of such ISAs (NZ) as ISA (NZ) 315 (Revised 2019) and ISA (NZ) 330 are to be applied in relation to the subject of the ISA (NZ) but does not repeat them. Thus, in achieving the objective stated in ISA (NZ) 540 (Revised), the auditor has regard to the objectives and requirements of other relevant ISAs (NZ).

A77. The requirements of the ISAs (NZ) are designed to enable the auditor to achieve the objectives specified in the ISAs (NZ), and thereby the overall objectives of the auditor. The proper application of the requirements of the ISAs (NZ) by the auditor is therefore expected to provide a sufficient basis for the auditor’s achievement of the objectives. However, because the circumstances of audit engagements vary widely and all such circumstances cannot be anticipated in the ISAs (NZ), the auditor is responsible for determining the audit procedures necessary to fulfill the requirements of the ISAs (NZ) and to achieve the objectives. In the circumstances of an engagement, there may be particular matters that require the auditor to perform audit procedures in addition to those required by the ISAs (NZ) to meet the objectives specified in the ISAs (NZ).

A78. The auditor is required to use the objectives to evaluate whether sufficient appropriate audit evidence has been obtained in the context of the overall objectives of the auditor. If as a result the auditor concludes that the audit evidence is not sufficient and appropriate, then the auditor may follow one or more of the following approaches to meeting the requirement of paragraph 21(b):

• Evaluate whether further relevant audit evidence has been, or will be, obtained as a result of complying with other ISAs (NZ);

• Extend the work performed in applying one or more requirements; or

• Perform other procedures judged by the auditor to be necessary in the circumstances.

Where none of the above is expected to be practical or possible in the circumstances, the auditor will not be able to obtain sufficient appropriate audit evidence and is required by the ISAs (NZ) to determine the effect on the auditor’s report or on the auditor’s ability to complete the engagement

A79. In some cases, an ISA (NZ) (and therefore all of its requirements) may not be relevant in the circumstances. For example, if an entity does not have an internal audit function, nothing in ISA (NZ) 610 (Revised 2013)³¹ is relevant.

A80. Within a relevant ISA (NZ), there may be conditional requirements. Such a requirement is relevant when the circumstances envisioned in the requirement apply and the condition exists. In general, the conditionality of a requirement will either be explicit or implicit, for example:

• The requirement to modify the auditor’s opinion if there is a limitation of scope³² represents an explicit conditional requirement.

• The requirement to communicate significant deficiencies in internal control identified during the audit to those charged with governance,³³ which depends on the existence of such identified significant deficiencies; and the requirement to obtain sufficient appropriate audit evidence regarding the presentation and disclosure of segment information in accordance with the applicable financial reporting framework,³⁴ which depends on that framework requiring or permitting such disclosure, represent implicit conditional requirements.

In some cases a requirement may be expressed as being conditional on applicable law or regulation. For example, the auditor may be required to withdraw from the audit engagement, where withdrawal is possible under applicable law or regulation, or the auditor may be required to do something, unless prohibited by law or regulation. Depending on the jurisdiction, the legal or regulatory permission or prohibition may be explicit or implicit.

A81. ISA (NZ) 230 establishes documentation requirements in those exceptional circumstances where the auditor departs from a relevant requirement.³⁵ The ISAs (NZ) do not call for compliance with a requirement that is not relevant in the circumstances of the audit.

A82. Whether an objective has been achieved is a matter for the auditor’s professional judgement. That judgement takes account of the results of audit procedures performed in complying with the requirements of the ISAs (NZ), and the auditor’s evaluation of whether sufficient appropriate audit evidence has been obtained and whether more needs to be done in the particular circumstances of the audit to achieve the objectives stated in the ISAs (NZ). Accordingly, circumstances that may give rise to a failure to achieve an objective include those that:

• Prevent the auditor from complying with the relevant requirements of an ISA (NZ).

• Result in its not being practicable or possible for the auditor to carry out the additional audit procedures or obtain further audit evidence as determined necessary from the use of the objectives in accordance with paragraph 21, for example due to a limitation in the available audit evidence.

A83. Audit documentation that meets the requirements of ISA (NZ) 230 and the specific documentation requirements of other relevant ISAs (NZ) provides evidence of the auditor’s basis for a conclusion about the achievement of the overall objectives of the auditor. While it is unnecessary for the auditor to document separately (as in a checklist, for example) that individual objectives have been achieved, the documentation of a failure to achieve an objective assists the auditor’s evaluation of whether such a failure has prevented the auditor from achieving the overall objectives of the auditor.