In a move that has gone largely unnoticed by the SMSF industry, the Accounting Professional and Ethics Standards Board Limited (APESB) has overhauled APES 305 Terms of Engagement. SMSF professionals will soon be required to include the details of all outsourced services and cloud computing in their SMSF engagement letters.
The revised standard has practical implications for SMSF firms, especially those using outsourced services.
The reason is that some engagement letters hide outsourced services as “third parties” to avoid specifying the offshore processing of their client’s personal and confidential financial information.
An example of this type of arrangement is a company in India performing the accounting work for an Australian firm, but it also covers onshore processing.
Undoubtedly, some firms may find this new requirement challenging as their SMSF clients may not be aware of who is doing the work and where.
SMSF practitioners should be mindful that the new rules provide updated definitions for outsourced services and cloud computing.
An outsourced service means a service involved in outsourcing a material business activity to an outsourced service provider, who may not be located in the same country or may not even be a member of a professional body.
On the other hand, Cloud computing refers to computing resources provided over the internet, including on-demand access to networks, servers, data storage, databases, software, and applications. Cloud computing entrusts the remote third party with data and information of the SMSF firm’s clients.
Where either of these new requirements is met, SMSF practitioners must document and communicate with their trustee clients by updating all SMSF engagement letters to include:
The APESB has stated that the new standard is effective for engagements commencing on or after 1 July 2021, with earlier adoption permitted.
Paragraph 3.5 of APES 305 states that using outsourced services or cloud computing may impact the amount of risk associated with delivering professional services and managing a client’s confidential information.
The revised standard also references APES GN 30 Outsourced Services(APES GN 30) to help firms identify whether a service is an outsourced service. It can also provide guidance with the professional and ethical obligations regarding these services.
Additional risks of non-compliance with applicable laws and regulations, such as the Privacy Act 1988 (Cth) (“Privacy Act”), may also occur.
The Privacy Act outlines thirteen (13) principles for the secure handling of personal information and minimising the risk of a data breach.
With the average cost of a reported data breach in Australia valued at $3.35 million, and Finance listed as one of the top three (3) industries impacted, there is much at stake.
It also provides a timely reminder that the SMSF practitioner retains the primary responsibility to deliver the service in line with their SMSF engagement letters and must comply with the ethical requirements of APES 110 and all other professional standards.
The best practice is to obtain written consent from the SMSF trustee acknowledging the acceptance before implementing the outsourced service.
APES GN 30 also recommends that firns develop and document an outsourcing policy framework containing policies and procedures to manage business, operational and other risks.
The framework will assist with setting the performance of the agreement and enable the SMSF firm to conduct appropriate due diligence before working with the outsourced service provider.
Fact-finding is an integral aspect of outsourcing but can be sadly lacking within the SMSF industry.
Matters which should be considered and assessed include, but are not limited to, the following aspects of the service provider’s business:
The reality is that the SMSF firm retains the obligation to monitor and review their work to ensure it complies with professional standards applicable to the engagement.
To this end, developing an outsourcing agreement will manage the risks of transition and implementation.
It will also ensure that SMSF firms check whether their professional indemnity insurance policy contains adequate coverage for these services.
One of the critical issues is whether the professional services being outsourced constitutes a firm’s material business activity.
It would be a mistake to underestimate the concept of material business activity as it does not just refer to fees.
Material business activity refers to an entity or firm whose business activities has the potential, if disrupted, to significantly impact the quality, timeliness, or scale of services.
A fundamental aspect is to ensure a material business activity assessment is performed from both the firm’s and the SMSF trustees’ perspectives: it is essential to judge each case based on the particular facts and circumstances.
An outsourcing arrangement covering less than 5% of the firm’s clients may not be a material business activity from the firm’s perspective. However, it may be a material business activity due to unique circumstances from the client’s perspective.
The consideration here is whether the client is materially impacted, in which case clarification should be obtained from APES GN 30.
Conversely, where outsourcing activity impacts 10% of the firm’s revenue base, it may be considered a material business activity from both the firm and client perspective. The firm should once again refer to APES GN 30.
There is much to consider with the revised standard, such as challenging firms to establish policies and procedures designed to manage risk; putting appropriate quality control requirements in place and overhauling SMSF engagement letters.
Documenting and communicating the terms of engagement will also ensure a clear understanding between SMSF trustees and advisers, which is in both parties’ best interests.
SMSF practitioners must remind themselves they are ultimately responsible for delivering outsourced services and cloud computing. The latest APESB overhaul to SMSF engagement letters ensures that the benefits of implementing the new requirements far outweigh the costs.
ASF Audits is the home of one-click SMSF auditing. Contact us on 1800 327 872 to find out more.
Making sure an SMSF passes the sole purpose test (“SPT”) is one of the cornerstones of operating a compliant SMSF. One of the most important things to understand is that it’s not the type of investment dictating whether the SPT is met, but rather the purpose for which the investment is made and maintained that is relevant.
This is crucial given that the trustee and member are typically the same people, which can give rise to conflicts of interest when critical financial decisions need to be made.
The SPT is not an actual test, but more a rule of thumb where the fund must be able to demonstrate that it meets one or more core purposes at all times. The fund can also meet an ancillary purpose, but only if it also meets one or more of the core purposes at the same time.
In broad terms, Section 62 of the SIS requires that any or all of the following core purposes must be met to provide benefits to members:
Generally, where a current day benefit is provided to a member as a direct result of actively procuring that benefit, then s62 SIS will be breached.
The ancillary purposes, which must co-exist with one or more of the core purposes, are:
Remember, too, that SPT is concerned with how a trustee of an SMSF came to make an investment or undertake an activity which can vary from trustee to trustee.
The role of the SMSF auditor is to ensure that the fund complies with the SPT during the year being audited. All of the circumstances of the fund must be viewed by the SMSF auditor holistically and objectively to determine whether the SPT has been contravened.
The auditor will look for factors that would weigh in favour of a conclusion that an SMSF is not being maintained in accordance with s62 such as:
Nevertheless, when an SMSF receives a benefit that is incidental, remote or significant, it does not necessarily result in the fund contravening the SPT. SMSFR 2008/2 deals with the application of the SPT where members receive benefits other than retirement, employment termination or death benefits.
Failure to meet the SPT is one of the most serious contraventions as it goes to the very core of the superannuation legislation. Aside from the risk of a fund being made non-complying and losing its concessional tax treatment, penalties can be applied up to $10,800 per trustee.
The ATO has the discretion to freeze an SMSF’s assets where it appears the trustee’s conduct is likely to have a significant adverse effect on the SMSF, and they also have the power to disqualify trustees.
The Court can also impose a sentence of 5 years’ imprisonment for individual trustees or longer for corporate trustees.
Other courses of action the trustee can take to rectify an SPT contravention is to engage early with the ATO through their voluntary disclosure service or decide to wind the fund up.
Where the trustee chooses voluntary disclosure, the ATO may continue to issue the SMSF with a notice of non-compliance and/or apply other compliance treatments.
The traditional approach to the SPT is seen in SMSFR 2008/2, which states that the SPT is a strict standard with exclusivity of purpose.The outcome of the Aussiegolfa case, however, has provided a deviation from this strict interpretation of the law, in that the SPT is now an objective test and assessment based on the facts and circumstances of each case.
The ATO has acknowledged there are other factors giving rise to incidental advantages to members or other persons which would not, necessarily, give rise to a breach of the SPT. All circumstances and objective assessment of the decisions and actions of the trustee are relevant in determining whether the SPT is breached.
The ATO is still reviewing the impact of the decision across other related advice and guidance products.
The SPT represents only 8.3% of all contraventions, which may indicate that SMSF auditors are either reticent to qualify funds on this basis or do not understand how to apply the SPT.
Given that loans to members account for 21.4% of all contraventions and in-house assets account for 19.1%, there is obviously scope for SMSF auditors to more carefully monitor the intentions of the trustees in light of all the circumstances of the fund.
There are many holistic factors to consider when applying the SPT to the operations of an SMSF. All the circumstances of the fund’s activities need to be reviewed, with closer scrutiny applying to the actions of the trustees to ensure regulatory compliance.
In a move that has gone largely unnoticed by the SMSF industry, the Accounting Professional and Ethics Standards Board Limited (APESB) has overhauled APES 305 Terms of Engagement. SMSF professionals will soon be required to include the details of all outsourced services and cloud computing in their SMSF engagement letters.
The revised standard has practical implications for SMSF firms, especially those using outsourced services.
The reason is that some engagement letters hide outsourced services as "third parties" to avoid specifying the offshore processing of their client's personal and confidential financial information.
An example of this type of arrangement is a company in India performing the accounting work for an Australian firm, but it also covers onshore processing.
Undoubtedly, some firms may find this new requirement challenging as their SMSF clients may not be aware of who is doing the work and where.
SMSF practitioners should be mindful that the new rules provide updated definitions for outsourced services and cloud computing.
An outsourced service means a service involved in outsourcing a material business activity to an outsourced service provider, who may not be located in the same country or may not even be a member of a professional body.
On the other hand, Cloud computing refers to computing resources provided over the internet, including on-demand access to networks, servers, data storage, databases, software, and applications. Cloud computing entrusts the remote third party with data and information of the SMSF firm's clients.
Where either of these new requirements is met, SMSF practitioners must document and communicate with their trustee clients by updating all SMSF engagement letters to include:
The APESB has stated that the new standard is effective for engagements commencing on or after 1 July 2021, with earlier adoption permitted.
Paragraph 3.5 of APES 305 states that using outsourced services or cloud computing may impact the amount of risk associated with delivering professional services and managing a client's confidential information.
The revised standard also references APES GN 30 Outsourced Services (APES GN 30) to help firms identify whether a service is an outsourced service. It can also provide guidance with the professional and ethical obligations regarding these services.
Additional risks of non-compliance with applicable laws and regulations, such as the Privacy Act 1988 (Cth) ("Privacy Act"), may also occur.
The Privacy Act outlines thirteen (13) principles for the secure handling of personal information and minimising the risk of a data breach.
With the average cost of a reported data breach in Australia valued at $3.35 million, and Finance listed as one of the top three (3) industries impacted, there is much at stake.
It also provides a timely reminder that the SMSF practitioner retains the primary responsibility to deliver the service in line with their SMSF engagement letters and must comply with the ethical requirements of APES 110 and all other professional standards.
The best practice is to obtain written consent from the SMSF trustee acknowledging the acceptance before implementing the outsourced service.
APES GN 30 also recommends that firns develop and document an outsourcing policy framework containing policies and procedures to manage business, operational and other risks.
The framework will assist with setting the performance of the agreement and enable the SMSF firm to conduct appropriate due diligence before working with the outsourced service provider.
Fact-finding is an integral aspect of outsourcing but can be sadly lacking within the SMSF industry.
Matters which should be considered and assessed include, but are not limited to, the following aspects of the service provider's business:
The reality is that the SMSF firm retains the obligation to monitor and review their work to ensure it complies with professional standards applicable to the engagement.
To this end, developing an outsourcing agreement will manage the risks of transition and implementation.
It will also ensure that SMSF firms check whether their professional indemnity insurance policy contains adequate coverage for these services.
One of the critical issues is whether the professional services being outsourced constitutes a firm's material business activity.
It would be a mistake to underestimate the concept of material business activity as it does not just refer to fees.
Material business activity refers to an entity or firm whose business activities has the potential, if disrupted, to significantly impact the quality, timeliness, or scale of services.
A fundamental aspect is to ensure a material business activity assessment is performed from both the firm's and the SMSF trustees' perspectives: it is essential to judge each case based on the particular facts and circumstances.
An outsourcing arrangement covering less than 5% of the firm's clients may not be a material business activity from the firm's perspective. However, it may be a material business activity due to unique circumstances from the client's perspective.
The consideration here is whether the client is materially impacted, in which case clarification should be obtained from APES GN 30.
Conversely, where outsourcing activity impacts 10% of the firm's revenue base, it may be considered a material business activity from both the firm and client perspective. The firm should once again refer to APES GN 30.
There is much to consider with the revised standard, such as challenging firms to establish policies and procedures designed to manage risk; putting appropriate quality control requirements in place and overhauling SMSF engagement letters.
Documenting and communicating the terms of engagement will also ensure a clear understanding between SMSF trustees and advisers, which is in both parties' best interests.
SMSF practitioners must remind themselves they are ultimately responsible for delivering outsourced services and cloud computing. The latest APESB overhaul to SMSF engagement letters ensures that the benefits of implementing the new requirements far outweigh the costs.
ASF Audits is the home of one-click SMSF auditing. Contact us on 1800 327 872 to find out more.
Return to Featured Articles
Before it became an ATO reporting requirement in the 2019 annual return, Part A qualifications were primarily ignored within the SMSF industry. Discussions centred mostly around compliance contraventions and whether an Auditor Contravention Report (ACR) was to be lodged with the ATO.
With Part A Qualifications now firmly in the ATO’s sights as they are now required to be reported in the Annual Return, a result of the now-defunct 3 yearly audit cycle, Part A qualifications are no longer being ignored by SMSF advisers. Trying to understand the impact on their SMSF clients is now front of mind even before the annual return has been lodged.
The ATO has said reporting Part A qualifications will assist them in risk profiling the SMSF population and will also be one of the factors considered when auditing an SMSF. In reality, the ability to glean any discernible patterns or trends given the nature of Part A qualifications will be difficult.
Most importantly, the ATO has said they will not look to take compliance action on Part A Qualifications for the 2019 year. Given there’s a good chance that what is required to be reported will change for the SMSF annual return in 2020, this could be a flash-in-the-pan for the industry.
The auditing standards require SMSF auditors to form an opinion as to whether the financial report is prepared in accordance with the applicable reporting framework. An SMSF auditor will modify their opinion by qualifying Part A of the audit report where they conclude that the financial report as a whole is not free from material misstatements.
The main types of Part A qualifications include:
| Part A Qualification | Reason |
| First-year audits | Unable to obtain audit evidence on the opening balances |
| Audited Platforms | Inability to obtain audit evidence on underlying investments reported via a Platform |
| Fund assets at purchase cost | Assets not valued at market value |
| Market value uncertain | Inability to obtain sufficient audit evidence to support market value |
| Non-arm’s length income | Tax calculation materially incorrect as non-arm’s length income identified |
| No bank statements | Cannot form an opinion on true and fair position of the fund at year-end or the bank transactions |
| Investments incorrectly classified | Classification of assets on the Financial statements are not in accordance with applicable accounting standards |
| Rollovers in not supported by evidence | Unable to confirm the nature of the receipt |
The SMSF industry has already seen the ramifications of neglecting to qualify Part A of the audit report due to a material misstatement in the Baumgartner case. This resulted from the auditor failing to investigate the nature of unsecured loans and unit trust investments held by the fund and not enquiring as to the existence and verification of the assets.
There was no documentation on file in relation to these high-risk investments, and the auditor failed in their duty to communicate with the trustee. He was subsequently found negligent for failing to identify incorrect classifications, misstatements and other facts and circumstances to the plaintiff’s attention by way of notation or qualification in the audit reports.
An SMSF auditor may face difficulties with initial audit engagements in obtaining sufficient appropriate audit evidence for opening balances. The auditor’s objective is to obtain reasonable assurance about whether the financial report as a whole is free from material misstatement. The auditor cannot express separate opinions on each element of the financial report.
SMSF auditors must determine whether the prior period’s closing balances have been correctly brought forward to the current period, as well as ensuring there is sufficient evidence on file to support the opening balances. In other words, are the opening balances correct?
Giving this part of the audit a green tick means effectively undertaking an audit on the prior year audit, which is why some SMSF auditors typically qualify Part A of the audit report.
To avoid an opening balance Part A Qualification, the auditor must test the cash account and all material assets and liabilities.
The comparatives on the current year financial statements must be checked to the closing balances from prior year financial statements. Where the amounts do not agree, an audit query must be raised.
Additionally, member opening balances and preservation components from the prior year are checked; the cost bases of assets have to be reviewed; any carry forward tax and capital losses from the previous annual return are tested and the auditor must evaluate the prior year Trustee Declarations and Audit Report and ensure they are signed correctly.
Where this preliminary work is undertaken, the SMSF auditor can avoid issuing a Part A Qualification on Opening Balances. It should be noted that in accordance with ASA 710, an “Other Matter” paragraph is required for all funds with respect to the comparatives.
The auditor will issue a Part A qualification where an SMSF invests in an audited platform and they are unable to obtain audit evidence. In accordance with the Auditing Standards, the SMSF auditor is required to obtain an understanding of each Platform to determine the level of testing needed at the individual fund level.
Where a GS007/Type 2 Audit Report is available on the design, implementation and effectiveness of controls for the platform, ASA 402 states that auditors are still required to complete substantive testing to ensure there is sufficient appropriate audit evidence relating to material balances and transactions of the fund.
The audit requirements for platforms can be summarised as follows:
| Audit Report on Controls (Type 2 only) | No Audit Report | |
| Assets Custodially Held | Unable to obtain sufficient appropriate audit evidence Qualified audit opinion (Ref: ASA 402 / GS009) | Unable to obtain sufficient appropriate audit evidence Qualified audit opinion or disclaimer of opinion |
| Assets Individually Held | Perform testing at a fund level OR Testing at a Platform level Unmodified audit opinion | Perform testing at a fund level* Unmodified audit opinion |
*If sufficient appropriate audit evidence is not provided, a Qualified Audit Opinion will be required
While Part A qualifications have risen mainly due to the successful litigation against two SMSF auditors for losses experienced by the funds, it’s still a complicated and challenging task for SMSF auditors.
Issuing a Part A qualification is not a foregone conclusion, and the audit opinion must be substantiated by the audit evidence, or lack thereof, in the audit file.
The good news is there have been loud whispers within the industry that the requirement to inform the ATO about the more common Part A Qualifications may be removed from the 2020 SMSF annual return.
And let’s be honest, it’s not such a big deal in 2019 anyway.
Over the past 25 years we have refined all aspects of our business to simplify and streamline the SMSF audit process.
Please fill out the form below to watch video walkthrough