IS Audit

What are the AIFRS changes?

by

Just a note I’ve prepared based upon my PhD project.  You’ll either get it or you won’t.

AIFRS Changes

At the core, AIFRS is made up of two factors:  Auditing Standard changes (ASA’s) and Australian Accounting Standard changes (AASB’s).

Therefore, there are two components impacting upon IT audit methodology:

  • More information to be recorded by the business on the basis of changes to the Australian Accounting Standards, being the Share Register (AASB101 and AASB103), Asset Register (AAS25, AASB3, AASB5, AASB6, AASB102, AASB116, AASB117, AASB119, AASB127, AASB130, AASB131, AASB132, AASB136, AASB137, AASB138, AASB140, AASB141, AASB1023, AASB1038, AASB1049, AASB1050, AASB1051, and AASB1052), and Liabilities Register (AAS 25, AASB2, AASB3, AASB4, AASB 119, AASB130, AASB131, AASB132, AASB137, AASB1004, AASB1050, and AASB1052).  These AASB’s are not definitive.
  • Modifications in the Audit Standards that affect the processes that the auditor should use in considering all of the financial information relating to the formulation of its opinion on the financial statements.

Audit Methodology

  • The project makes direct reference to the need to identify IT Audit methodologies.  When discussed with practitioners, they did not distinguish between audit methodologies and IT audit methodologies. 
  • Accordingly Lynne Gehrke has adopted the Cushing & Loebbecke (1986) approach to the audit methodology.  Although ISACA through its CISA program has an audit methodology that it outlines, there is not really such a thing (so it seems) as a seprate IT audit methodology.  Accordingly, the implications need to be examined upon the audit methodology as a whole.

,

Satyam: A warning to IT outsourcers everywhere

by

Well holidays are nearly over.  The beard lasted two weeks or so before I decided to go back to my good old cleanshaven self.  At least I know now that I’m about two weeks from a dreadful beard and three weeks from a really bad one.

First topic that catches my eye at the moment is the Satyam issue.  I nearly choked on my weet bix the other day reading about the absolute gall of the Satyam conglomerate by basically making up 90% of their cash reserves.  I think it may be a lesson for people that outsourcing to another country may seem good on paper (that is, cheaper), but when its entire governance regime is completely different there are going to be some hurdles that just can’t be met.

It will be interesting to see if this becomes a house of cards and all the other IT outsourcers out there are doing pretty much the same thing.  I noticed incidentally that the auditors, PWC, are suddenly distancing themselves from their Indian affiliate.  It will highlight the role of the auditors, once again, as watchdogs not bloodhounds, and further that it is virtually impossible for an auditor to find out something if a Director is looking to hide facts and lie.

Still I’ll not be surprised to discover that there is a major case to answer at PWC for an audit that clearly missed something. And of course Ernst & Young gave this bald-faced liar an award as entrepreneur of the year not all that long ago.  I have a theory that it is incompatible to have an audit and assurance role and to hold that role at the whim of the very people who can cause such an audit to be based upon a pack of lies – it isn’t going to be helpful to hide behind standards and process reviews when a bad outcome like this happens.

And still, I wouldn’t be an audit partner under the current regime for quids.

As for people who are IT outsourcing as well as offshoring, I’m sure they’ve got a bit of a tight knot where their stomach used to be hoping that their IT outsourcer is not doing the same thing (or, if they are with Satyam, how the hell they’re going to extract themselves from the mess).

Image from Flickr User jill – glossy veneer.  Some Rights Reserved.

, , ,

An introduction to the Carbon Emissions Reporting regime in Australia

by

This is a blog post from a CPA Australia Carbon Emissions Reporting Discussion Group meeting – the inaugural meeting – that I attended on 18th November 2008.  Danny Power from PwC is the convenor. 

There will be an election of office-bearers at the end of the next meeting.  The topics under discussion are going to be quite broad-ranging.  Danny is linking it to the sustainability reporting issues, and Danny seems to think the label might change later.  However, Carbon Emissions Reporting is the current label for the group – thinks we might need to break into several discussion groups at some point (I’m not sure about that – see how popular it is).  There were about 40 people in attendance at this first meeting, though, which is always a good sign. 

Why did Danny set up the discussion group?

  • Compliance issues
  • The accountant’s role as a business advisor and in managing the reporting systems
  • Impacts for all organisations whether direct or indirect
  • “The Science” – still seems controversial, and if you’re going to report on it you need a working knowledge of what the processes are and how it works. 
  • Possibly the most important – to create a support and peer group for each other.

Schemes, coverage, compliance and impacts

This section of the presentation was given by Mick Zeljko of the Climate Change Team of PricewaterhouseCoopers. 

The finance function of most companies will be generally involved it seems in managing the reporting process, which is a substantial – very substantial – part of the new CPRS. 
Emissions Schemes

Current programs:

  • Mandatory Renewable Energy Target (MRET)
  • NSW Greenhouse Gas Abatement Scheme (GGAS)
  • Qld Gas Electricity Scheme (GECS)
  • Greenhouse Challenge Plus
  • Energy Efficiency Opportunities

The scope of these current programs is fairly limited and tend to be industry-specific.  There is a general feeling that perhaps people have been a little bit lax about the current programs, and it’s been pretty relaxed with the result that there has not been a lot of accuracy in the numbers that are currently being reported.  Probably a lot of companies don’t really have a lot of confidence in their reporting schemes. 

New Schemes:

  • National Greenhouse and Energy Reporting System (NGERS)
  • Carbon Pollution Reduction Scheme (CPRS)

NGERS will cover a lot less companies than those that are affected by ETS.  Types of gasses – six Kyoto gasses – CO2 and Methane and so on.  All measured in terms of CO2 equivalency – for example, methane is 20 times stronger than CO2, so 1 tonne of emitted methane is 20 CO2 Tonne Equivalents.

The NGERS does get down to 200 terajoules and 50 kilotonnes in 2010.  ETS will require only 25KT in 2010 so it is a little disconnected from NGERS – you can probably expect that the two programs will come into alignment. 

The Emission Trading Scheme (ETS) is now officially called CPRS – Carbon Pollution Reduction Scheme.  The feeling is that it sounds better to be reducing carbon pollution than trading the rights to emit pollution.  The scheme generally caps Australia’s emissions, and then identifies industries subject to the cap.  These industries are then allocated permits and at the end of the year have to have permits to cover what they emitted or pay a substantive fine.  If you don’t have the permits, you have to go buy them from someone who does.  This is the essence of the ‘cap and trade’ system.  

Under the scheme:

  • Government allocates or auctions permits up to the cap annually.
  • Companies compete on the market to acquire required permits.
  • Permits can be traded at market prices between firms and third parties.
  • Scheme requires robust monitoring, reporting and assurance of data.
  • Transitional assistance measures are included
  • A number of elements are yet to be finalised
    • Including emissions target trajectories, penalties for non-compliance and complementary measures for non-covered sectors. 

A green paper was released in July.  Everyone affected is throwing a submission at the government.  The government is aiming to have draft legislation ready by the end of the year.  There remains a whole bunch of stuff that is yet to be finalised, particularly emissions trajectories.  We don’t know what the limits will be yet though – what the targets will be. 

Covered sectors:

  • Stationary energy
  • Industrial processes
  • Fugitive emissions (e.g. mining and landfill)
  • Waste
  • Transport
  • Reforestation (opt-in – gets you credits)
  • Agriculture may come in later, around 2015.

Liability generally relies upon the emitter.  Generally it is upstream supply liability.

Emissions covered include:  Scope 1 (i.e. direct for example emissions from a generator) emissions only.  Contrast with NGERS which includes Scope 2 (e.g. indirect such as a factory’s use of electricity) across all 6 Kyoto Greenhouses. 

Threshold

  • Direct emissions of 25,000 tonnes of CO2e (Carbon Equivalents). 

The affected businesses will need to be collecting up systems, processes and governance to get NGERS into place. 

I wonder what the definition of an entity (i.e. a ‘business’ will be in the covered industry?). 

The first NGERS reporting period has commenced, those these systems etc will need to be in place from the point of view of affected NGERS entities.  CPRS Green Paper submissions are now closed.  The draft legislation is due out in early September, and they seem to want to have the legislation in place by the end of the year.  The Government wants to set medium-term national trajectories soon, and are aiming for a 1 July 2010 start.  These trajectories will affect how many permits are available – they will not determine who is affected by CPRS. 
We in Australia will have two full reporting periods and  given thethen full trading will commence under CPRS.  Unless it doesn’t  current financial crisis. 

Under NGERS – compliance is about registering and reporting.  Penalties apply for corporations and CEOs.

Project Definition

There are a a whole lot of rules and legislation around wh`o effectively owns the emissions.  A big mining site will have a lot of issues just working out what are we reporting on.

Systems Implementation

  • Collect greenhouse and energy data
  • Calculate greenhouse and energy data – there is a measurement determination that tells you how you work out how much CO2 you emit.  There are proxy things in place. 
  • Got to have good storage of records for any audit down the track.

Maybe I have a large IT bent, but I can see that this is going to be a problem for anybody seeking to implement Greenhouse Gas Reporting Systems and implement it through the accounting information system.  Or even if they don’t. 

Clearly it will have an impact upon reporting processes, and who does it – and I suspect this job will often fall to the finance function. 

Reporting

  • Register with GEDO
  • Prepare and submit data using OSCAR.  (See Greenhouse Challenge Plus).
  • There will be a lot of internal reporting as well particularly for companies that are CPRS-liable. 

Governance

  • Need a whole lot of things covering all of this to make sure it keeps ticking along. 

Companies will have to be NGERS compliance at a minimum. 

Assurance – large emitters (>125KT CO2) will require third party assurance of the information prior to submission.  Beyond these core issues we don’t know much around how it is taxed and so on.  The draft legislation hasn’t come out yet.  There are thousands of submissions being put in place.

If you are liable there are serious financial implications and also some compliance costs.  Indirect impacts will result in price increases it seems – which will be the main issue for SME’s. 
Indirect impacts are going to be increasing on just about everyone.  Transport and logistics – may see a complete change in the competitive position between transport for example.  For instance you will need to reconsider where you get your services from e.g. road vs rail.

Need to do a risk assessment now.  Carbon due diligence.  Green paper submissions were a big thing a little while ago.

Strategic Response – can do a lot of stuff now.  There are opportunities for new services and products – carbon market planning and financial advice.

CPRS Accounting Issues:

  • Permits acquired to satisfy obligation = intangibles
  • Permits acquired for trading = inventory
  • Measurement choices available
  • Impact of CPRS on impairment calculations
  • Accounting disclosures which may be required.
  • How to account for forward purchase agreements of carbon pollution permits
  • Broadly – what impact will the acquisition, trading, hedging and surrender of carbon plollution permits on reporting.
  • Tax treatment?  Still yet to be decided. 

We also noted in the presentation that cashflow issues exist potentially for people that have to buy permits up front. 

There will be another meeting in February, probably, of the Discussion Group.  It was a very interesting discussion and it will be interesting to see where these compliance issues around the Carbon Emission Emissions Reporting processes take us.  And as we can see above – there are assurance implications (although supposedly only for >125KT emitters?).

More notices as events warrant.

Accounting for the Emission Trading Scheme

by

As part of the good old PhD, I’m looking at some of the impacts of reporting changes around the adoption of IFRS in Australia upon audits.  As part of this, I’m taking a look at accounting for the Emissions Trading Scheme – mostly because it’s interesting and topical.

The Australian Government has flagged an intention to create an emissions trading scheme, but has rather less-than-helpfully (in some ways) left the creation of accounting for its business impact to the International Accounting Standards Board.  According to the IASB work program, an exposure draft regarding accounting for emissions trading scheme will be provided in the second half of 2009, and IFRS standards will be released in 2010.  Alternative accounting models are to be brought to IASB in Q3 2008 (presumably, about now).

Rather less than conveniently, if IASB’s work program doesn’t slip, the new accounting standards will be released about the time the emissions trading scheme is implemented.  Hmmm.

The project overview is provided here for IASB: emissions trading scheme.

However, the above seems to relate to how to account for the dollar impact of the scheme (presumably, accounting for assets and expenses created by the scheme etc).  There is in addition a current reporting obligation under the National Greenhouse and Energy Reporting Act 2007.  This is of course NOT the ETS, but it does give us some things to do right now.  A copy of the guidelines for reporting obligations can be found on the government’s website.

By 2010, organisations that produce more than 50 kilotonnes of CO2 and/or use 200 terajoules of energy are subject to these requirements.  There is an enormous scope of the non-accounting information that is required just in order to determine whether or not the corporation exceeds the threshold (see also this link:  https://www.oscar.gov.au/Deh.Oscar.Extension.Web/Content/NgerThresholdCalculator/Default.aspx).

These reporting requirements appear to apply to at least government agencies, although it is uncertain whether State Departments (e.g. Queensland Health) are captured by these requirements.  The advice for government agencies is that they should set up their systems to make this apply, and likely it will be made apply in any event due to the need for them to maintain a reputation.

A lot to absorb.  By the way this blog is starting to creak under its own weight and desperately needs a redesign – I will redesign the categories and so on when I get a chance (so perhaps this is permanent).

Effective business reporting

by

I’m a great fan of the COBIT and VAL-IT frameworks, but I also like to try and reconcile complex frameworks. I also hire a translation company at https://www.espressotranslations.com/gb/french-translation-services-london/ to make them a bit easier to understand for our non-native English speakers. I also like to talk in terms of people, process and technology, as I think that conceptually we can easily get our heads around it, and it also helps us turn complex things into stuff we can use in a small business and specially in home based business.

Frameworks like COBIT provide us with a way of distilling out the unnecessary.  It is so easy with an IT area to have it seem so complex that you don’t know where to start.  COBIT lets us see what matters, and it provides a strong link between the strategic direction and management of the business, and allows us to identify from those business goals the things that the IT area needs to be doing  That is the fundamental basis of the Getting IT Right service line that I provide through my company, Applied Insight Pty Ltd. It isn’t just something I made up, it has a real basis in research into the practice of IT management.

So for the effective business reporting presentation, I have taken the people-process-technology relationship, added environmental factors in the context of the financial reporting system (so, financial capacity, regulatory compliance, and business strategy), and then linked this to the COBIT process framework (DS11 – Data Management).

This approach can be seen here:

And linking through, I can, using this approach, give you a framework you can use to diagnose and assess the effectiveness of your financial reporting systems:

I have done this simply by identifying the key words in the COBIT control objective identified – it talks about words like ‘complete’, ‘accurate’, valid’ etc (as referred to in blue), and then you have a coherent, flexible, approach to the delivery of effectiveness business reporting without the need to make it up (so we know it’s complete) but not so complex and rich that it can’t be understood.

If I as a business can take these factors and score them

in some way, I have a good approach for assessing the health of my business reporting systems.  And that is half of the purpose of the presentation coming up is anyway.