Where are key audit matters placed within the independent auditors report?

After years of very few changes, the AICPA issued a suite of new auditing standards; the most significant one is Statement on Auditing Standards (SAS) No. 134, Auditor Reporting and Amendments, Including Amendments Addressing Disclosures in the Audit of Financial Statements. SAS 134 transformed the independent auditor’s report by rearranging the content and making it more descriptive. Additionally, the standard established AU-C 701, Communicating Key Audit Matters in the Independent Auditor’s Report. Key Audit Matters (KAMs) are defined as: 

“Those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance.” 

Fortunately, KAM reporting in the auditor’s report is optional and at the discretion of the entity being audited. The concept of KAMs is not new. It was first introduced by the International Auditing and Assurance Standards Board (IAASB). Similar to the AICPA requirements, IAASB KAMs are tailored to the individual entity and are selected from matters communicated to those charged with governance. IAASB audits of listed entities have included KAM reporting for several years providing helpful guidance for KAM reporting. The PCAOB adopted a similar, but less broad, version known as Critical Audit Matters.

KAMs may include areas of significant audit risk, areas requiring significant estimation and judgment by management, or other major events the entity experienced during the current period under audit. 

Examples of KAMs include:

• Significant estimates 
• Significant unusual transactions 
• Revenue
• Goodwill
• Intangibles
• Income taxes
• Contingencies
• Implementation of new IT systems that have a significant impact on financial reporting
• Areas with audit adjustments and/or internal control deficiencies

Once engaged to report on KAMs, auditors are responsible for identifying and communicating KAMs. The auditor must describe the KAM, why it was deemed one of the most significant matters and how it was addressed during the audit. The auditor is required to discuss KAMs with those charged with governance and should do so throughout the audit. 

When determining whether to engage the auditor to report on KAMs, an entity is encouraged to consider the needs of the intended users of its financial statements and the entity’s view about sharing the information communicated in KAMs to such users.

The suite of auditing standards are effective for audits of financial statements for periods ending on or after December 15, 2020. As KAMs reporting is optional, entities will need to decide whether to elect KAM reporting. As organizations change over time, an entity that does not elect KAM reporting now may add the reporting in a future period.

Due to the COVID-19 pandemic, the effective date was deferred to periods ending on or after December 15, 2021, with early adoption permitted. Most CPA firms elected to postpone.

Enhanced auditor’s reports are already business as usual in the UK and the Netherlands. Soon they will become a permanent fixture of the global reporting landscape.

The new standards

In January 2015, the International Auditing and Assurance Standards Board (IAASB) issued its new and revised auditor reporting standards, which require auditors to provide more transparent and informative reports on the companies they audit. These standards have been issued in response to demand from users of financial statements, in the wake of the financial crisis, for more relevant information on audits.

The aim of the standards is to produce auditor’s reports that increase the public’s confidence in both the audit process itself and the financial statements of companies. The IAASB also believes that enhancing auditor reporting will improve communications between the auditor and investors, as well as between auditors and those charged with governance.

“As a user, it can be challenging to understand what’s in the financial statements, let alone how they’ve been audited,” says Fiona Campbell, a partner in EY’s Australian assurance practice and a member of the IAASB. “The new auditor’s reports are therefore meant to enhance the understanding of the audit of the financial statements among users – investors, analysts, regulators, suppliers, employees and governments. It will give people a better understanding of what we do and how we do it.”

A number of interested parties responded positively to the exposure draft of the new auditor reporting standards when it was issued in 2013. A global accountancy body, the Association of Chartered Certified Accountants (ACCA), was broadly supportive, commenting: “The report of the auditor is the most visible output of the audit process, and we welcome this initiative of the IAASB to improve its usefulness and relevance to shareholders and other interested parties. The project will also promote financial reporting of the highest quality.”

Since the new standards apply (in many jurisdictions) to the audits of financial statements for periods ending on or after 15 December 2016, management, audit committees and auditors must start preparing for their implementation now.

Significant issues

One of the challenges with financial statements is that they are, as Campbell puts it, “quite complicated beasts.” As a result, the audit is also quite complex and requires the auditor’s assessment of risks of material misstatement to those financial statements to drive the performance of the audit. In today’s “boilerplate” auditor’s report, it is not possible for investors to understand where the greatest of those risks lie in the eyes of the auditor.

For this reason, a particular area of focus within the new standards will be the requirements of the new ISA 701, Communicating Key Audit Matters in the Independent Auditor’s Report. For audits of listed entities, a new section in the report, called Key Audit Matters (KAM), will highlight those issues that, in the auditor’s professional judgment, were of most significance in the audit. According to the IAASB, the description of a KAM should be “clear, concise, understandable and entity-specific.” It should explain why the matter was considered to be significant in the audit and how it was addressed. There should also be a reference to the related disclosure elsewhere in the financial statements.

ACCA has welcomed the issue of the standards. “Key Audit Matters are a big step forward,” says its former External Affairs Director, Sue Almond (she has moved to a new role since this article was written). “They will allow auditors to provide a bit more color on the work that has been done.”

What counts as a KAM?

ISA 701 includes a judgment-based decision-making framework to help auditors decide which issues from the audit would count as KAMs. Out of all the matters on which they communicated with the company’s management and audit committee, they will select KAMs from those matters that required “significant auditor attention.” In particular, they should explicitly consider areas where there might be a higher risk of material misstatement or those where significant management or auditor judgments were involved.

“The concept is that these are the areas that were of greatest focus in the audit, and typically the areas of greatest risk for the audit as well,” Campbell explains. “Where were the areas of subjectivity? Which areas required a significant application of judgment?” She highlights impairment – of an investment, of goodwill or of another intangible asset – as being likely to feature as a KAM, because of the significant amount of judgment involved with these.

The nature of a KAM will also vary according to the industry sector the company operates in. Revenue recognition is likely to be a KAM for software and telecommunications companies, for example, because they have complicated revenue recognition policies. Mining companies, meanwhile, may have licensing rights to mine a particular piece of ground, but it can be difficult for them to determine the value of that license, as it will depend on the cash flows generated by the mine in future. Therefore, their audits are likely to focus closely on license impairments.

One area that will probably be a KAM for most companies, whichever sector they operate in, is taxation. “For a lot of businesses, tax is really complex,” Campbell notes. “It’s also an area where there is a high amount of litigation, as well as disputes between tax authorities and companies, so it often requires significant auditor attention.”

Campbell’s observations are backed up by a report from the Financial Reporting Council into the implementation of extended auditor’s reports in the UK, published in March 2015. In a survey of more than 150 auditor’s reports, it found that the top five most reported risks were:

• Impairment of assets
• Tax
• Goodwill impairment
• Management override of controls
• Fraud in revenue recognition

Potential pitfalls

In some respects, the greatest challenge for auditors is figuring out when an issue is not a KAM. “Just because something is a big number doesn’t mean it’s a Key Audit Matter,” Campbell points out. “And just because it’s where we spent a large proportion of our efforts doesn’t mean it’s a Key Audit Matter either.”

A large transaction, such as the acquisition or disposal of a subsidiary, might fit into this category. “It’s not necessarily a Key Audit Matter, because, although it may have required considerable audit effort, it could be a really straightforward transaction,” Campbell explains. The same applies to share buybacks, where a very large number may be involved, but which can be very simple to audit.

Where is key audit matters included?

How are key audit matters presented in an audit report?

At what phase of the audit does the audit team need to identify key audit matters?

What is the significance of the key audit matters section of a typical audit report?