A senior SMSF auditor has reminded practitioners of their mandatory obligations to implement a proper framework regarding their use of technology in light of the customer data breaches experienced by large organisations such as Optus.
Specifically, ASF Audits head of education Shelley Banton confirmed auditors must adhere to the requirements detailed in ASQM 1 and accountants must satisfy their obligations under APES 320 as the professional standards detailed in both instruments are now aligned.
“[Both ASQM 1 and APES 320 stipulate] as a member of a professional body you are also subject to putting in place a system of quality management [that includes use of technology] and each firm then has to customise their system of quality management to the risks within their firm so there isn’t a one-size-fits-all template,” Banton told delegates at Class Ignite 2023 held recently in Sydney.
“It means, at the end of the day, you have to develop policies and procedures that cover governance and information and technology, leadership, engagement and also resources.
“And when we talk about resources, this is where the technology comes in because it means that all of the IT applications in your firm have to be covered under your system of quality management.”
According to Banton, the framework firms must implement under ASQM 1 and APES 320 has to be responsive and practicable and has to undergo constant review. To this end, the auditing standard dictates firms must conduct such a review by 15 December 2023.
She pointed out these requirements are going to impact how practitioners are able use technology, such as data feeds for SMSF administration purposes, and acknowledged one critical element on which they must focus.
“The key to it all obviously is due diligence and that’s all about controlling risk, which [entails] the qualitative and quantitative measures you need to put in place to make sure you meet your professional obligations,” she noted.