Due to its complexity and wide-range of risks inherent with the use of financial statement, developing an audit approach for financial instruments is crucial. Paradoxically; on one hand financial instruments are used (by entities) to reduce exposures to certain business risk, on the other hand the inherent complexities of some financial instruments also may result in increased risk—business and material misstatement risk—along with the increase of the financial instruments usage.


It has been long-known that financial instruments vary in complexity that come from various source: (a) volume of individual cash flows—where a lack of homogeneity requires analysis of each one or a large number of grouped cash flows to evaluate; (b) complex formulas for determining the cash flows; and (c) uncertainty or variability of future cash flows. In addition, sometimes financial instruments that ordinarily—which otherwise are relatively easy to value—could become complex to value because of particular circumstances.

The accounting for financial instruments under certain financial reporting frameworks or certain market conditions could be complex too. The definition of the financial instruments themselves could be vary in wide-range—from simple loans and deposits to complex derivatives, structured products, and some commodity contracts. Financial instruments could be cash; or the equity of another entity; or the contractual right or obligation to receive or deliver cash or exchange financial assets or liabilities; and so forth. So, how do you develop audit approach for financial instruments? Before going to the main topic, let’s have a look why an entity uses financial instruments and what are the risks inherent with the usage.



Why an entity use Financial Instruments

In general, an entity decides to use financial instruments for the following three purposes:

1. Hedging purposes (changing an existing risk profile to which an entity is exposed). This includes: (a) the forward purchase or sale of currency to fix a future exchange rate; (b) converting future interest rates to fixed rates or floating rates through the use of swaps; and (c) the purchase of option contracts to provide an entity with protection against a particular price movement, including contracts which may contain embedded derivatives.

2. Trading purposes (for example, to enable an entity to take a risk position to benefit from short term market movements.)

3. Investment purposes (for example, to enable an entity to benefit from long term investment returns.)



The Risks of Using Financial Instruments

The use of financial instruments can reduce exposures to certain business risks—for example changes in exchange rates, interest rates and commodity prices, or a combination of those risks. On the other hand, the inherent complexities of some financial instruments also may result in increased risk.

Business risk and the risk of material misstatement increase when management:

1. Do not fully understand the risks of using financial instruments and have insufficient skills and experience to manage those risks;

2. Do not have the expertise to value them appropriately in accordance with the applicable financial reporting framework;

3. Do not have sufficient controls in place over financial instrument activities; or

4. Inappropriately hedge risks or speculate.

Management’s failure to fully understand the risks inherent in a financial instrument can have a direct effect on management’s ability to manage these risks appropriately, and may ultimately threaten the viability of the entity. Among those risks are:

1. Credit (or counterparty) risk is the risk that one party to a financial instrument will cause a financial loss to another party by failing to discharge an obligation and is often associated with default.

2. Market risk is the risk that the fair value or future cash flows of a financial instrument will fluctuate because of changes in market prices.

3. Liquidity risk includes the risk of not being able to buy or sell a financial instrument at an appropriate price in a timely manner due to a lack of marketability for that financial instrument.

4. Operational risk relates to the specific processing required for financial instruments. Operational risk may increase as the complexity of a financial instrument increases, and poor management of operational risk may increase other types of risk. Operational risk includes:

  • The risk that confirmation and reconciliation controls are inadequate resulting in incomplete or inaccurate recording of financial instruments;
  • The risks that there is inappropriate documentation of transactions and insufficient monitoring of these transactions;
  • The risk that transactions are incorrectly recorded, processed or risk managed and, therefore, do not reflect the economics of the overall trade;
  • The risk that undue reliance is placed by staff on the accuracy of valuation techniques, without adequate review and transactions are therefore incorrectly valued or their risk is improperly measured;
  • The risk that the use of financial instruments is not adequately incorporated into the entity’s risk management policies and procedures;
  • The risk of loss resulting from inadequate or failed internal processes and systems, or from external events, including the risk of fraud from both internal and external sources;
  • The risk that there is inadequate or non-timely maintenance of valuation techniques used to measure financial instruments;

5. Legal risk, which is a component of operational risk, and relates to losses resulting from a legal or regulatory action that invalidates or otherwise precludes performance by the end user (or its counterparty) under the terms of the contract or related netting arrangements.

In testing how management values the financial instrument and in responding to the assessed risks of material misstatement in accordance with ISA 540, according to International Auditing Practice Note (IAPN) 1000, “Special Considerations In Auditing Financial Instruments,”—just released in mid-December 2011, the auditor undertakes one or more of the following procedures, taking account of the nature of the accounting estimates:

(a) Test how management made the accounting estimate and the data on which it is based (including valuation techniques used by the entity in its valuations).

(b) Test the operating effectiveness of the controls over how management made the accounting estimate, together with appropriate substantive procedures.

(c) Develop a point estimate or a range to evaluate management’s point estimate.

(d) Determine whether events occurring up to the date of the auditor’s report provide audit evidence regarding the accounting estimate.

Many auditors find that a combination of testing how management valued the financial instrument, and the data on which it is based, and testing the operating effectiveness of controls, will be an effective and efficient audit approach. While subsequent events may provide some evidence about the valuation of financial instruments, other factors may need to be taken into account to address any changes in market conditions subsequent to the balance sheet date.

If the auditor is unable to test how management made the estimate, the auditor may choose to develop a point estimate or range. To estimate the fair value of financial instruments, management may:

  • Utilize information from third-party pricing sources;
  • Gather data to develop their own estimate using various techniques including models; and
  • Engage an expert to develop an estimate.

Management often may use a combination of these approaches. Next, let’s have a look what IAPN-1000 suggests about audit consideration to each of the above situations.



When Management Uses a Third-Party Pricing Source

Management may make use of a third-party pricing source, such as a pricing service or broker, in valuing the entity’s financial instruments. Understanding how management uses the information and how the pricing service operates assists the auditor in determining the nature and extent of audit procedures needed.

The following matters may be relevant where management uses a third-party pricing source:

1. The type of third-party pricing source – Some third-party pricing sources make more information available about their process.

Example: A pricing service often provides information about their methodology, assumptions and data in valuing financial instruments at the asset class level. By contrast, brokers often provide no, or only limited, information about the inputs and assumptions used in developing the quote.

2. The nature of inputs used and the complexity of the valuation technique – The reliability of prices from third-party pricing sources varies depending on the observability of inputs (and accordingly, the level of inputs in the fair value hierarchy), and the complexity of the methodology for valuing a specific security or asset class.

Example: The reliability of a price for an equity investment actively traded in a liquid market is higher than that of a corporate bond traded in a liquid market that has not traded on the measurement date, which, in turn, is more reliable than that of an asset-backed security that is valued using a discounted cash flow model.

3. The reputation and experience of the third-party pricing source – For example, a third-party pricing source may be experienced in a certain type of financial instrument, and be recognized as such, but may not be similarly experienced in other types of financial instruments. The auditor’s past experience with the third-party pricing source may also be relevant in this regard.

4. The objectivity of the third-party pricing source – For example, if a price obtained by management comes from a counterpart—such as the broker who sold the financial instrument to the entity, or an entity with a close relationship with the entity being audited, the price may not be reliable.

5. The entity’s controls over the use of third-party pricing sources – The degree to which management has controls in place to assess the reliability of information from third-party pricing sources affects the reliability of the fair value measurement. For example, management may have controls in place to: (a) review and approve the use of the third-party pricing source—including consideration of the reputation, experience and objectivity of the third-party pricing source; and (b) determine the completeness, relevance and accuracy of the prices and pricing-related data.

6. The third-party pricing source’s controls – The controls and processes over valuations for the asset classes of interest to the auditor. For example, a third-party pricing source may have strong controls around how prices are developed, including the use of a formalized process for customers, both buy and sell side, to challenge the prices received from the pricing service, when supported by appropriate evidence, which may enable the third-party pricing source to constantly correct prices to more fully reflect the information available to market participants.

Possible approaches to gathering evidence regarding information from third-party pricing sources may include the following:

1. For level 1 inputs, comparing the information from third-party pricing sources with observable market prices.

2. Reviewing disclosures provided by third-party pricing sources about their controls and processes, valuation techniques, inputs and assumptions.

3. Testing the controls management has in place to assess the reliability of information from third-party pricing sources.

4. Performing procedures at the third-party pricing source to understand and test the controls and processes, valuation techniques, inputs and assumptions used for asset classes or specific financial instruments of interest.

5. Evaluating whether the prices obtained from third-party pricing sources are reasonable in relation to prices from other third-party pricing sources, the entity’s estimate or the auditor’s own estimate.

6. Evaluating the reasonableness of valuation techniques, assumptions and inputs.

7. Developing a point estimate or a range for some financial instruments priced by the third-party pricing source and evaluating whether the results are within a reasonable range of each other.

8. Obtaining a service auditor’s report that covers the controls over validation of the prices.

Obtaining prices from multiple third-party pricing sources may also provide useful information about measurement uncertainty. A wide range of prices may indicate higher measurement uncertainty and may suggest that the financial instrument is sensitive to small changes in data and assumptions. A narrow range may indicate lower measurement uncertainty and may suggest less sensitivity to changes in data and assumptions.

Although obtaining prices from multiple sources may be useful, when considering financial instruments that have inputs categorized at levels 2 or 3 of the fair value hierarchy, in particular, obtaining prices from multiple sources is unlikely to provide sufficient appropriate audit evidence on its own.

In some situations, the auditor may be unable to gain an understanding of the process used to generate the price, including any controls over the process of how reliably the price is determined, or may not have access to the model, including the assumptions and other inputs used. In such cases, the auditor may decide to undertake to develop a point estimate or a range to evaluate management’s point estimate in responding to the assessed risk.



When Management Estimates Fair Values Using a Model

Paragraph 13(b) of ISA 540 requires the auditor—if testing management’s process of making the accounting estimate—to evaluate whether the method of measurement used is appropriate in the circumstances and the assumptions used by management are reasonable in light of the measurement objectives of the applicable financial reporting framework.

Whether management has used a third-party pricing source, or is undertaking its own valuation, models are often used to value financial instruments, particularly when using inputs at levels 2 and 3 of the fair value hierarchy. In determining the nature, timing and extent of audit procedures on models, the auditor may consider the methodology, assumptions and data used in the model.



Approach To Be Taken To Test a Valuation Model

When considering more complex financial instruments such as those using level 3 inputs, testing all three may be a useful source of audit evidence. However, when the model is both simple and generally accepted, such as some bond price calculations, audit evidence obtained from focusing on the assumptions and data used in the model may be a more useful source of evidence.

Testing a model can be accomplished by two main approaches:

(a) The auditor can test management’s model, by considering the appropriateness of the model used by management, the reasonableness of the assumptions and data used, and the mathematical accuracy; or

(b) The auditor can develop their own estimate, and then compare the auditor’s valuation with that of the entity.

Where valuation of financial instruments is based on unobservable inputs (that is, level 3 inputs), matters that the auditor may consider include, for example, how management supports the following:

  • The identification and characteristics of marketplace participants relevant to the financial instrument.
  • How unobservable inputs are determined on initial recognition.
  • Modifications it has made to its own assumptions to reflect its view of assumptions marketplace participants would use.
  • Whether it has incorporated the best input information available in the circumstances.
  • Where applicable, how its assumptions take account of comparable transactions.
  • Sensitivity analysis of models when unobservable inputs are used and whether adjustments have been made to address measurement uncertainty.

In addition, the auditor’s industry knowledge, knowledge of market trends, understanding of other entities’ valuations and other relevant price indicators informs the auditor’s testing of the valuations and the consideration of whether the valuations appear reasonable overall. If the valuations appear to be consistently overly aggressive or conservative, this may be an indicator of possible management bias.

Where there is a lack of observable external evidence, it is particularly important that those charged with governance have been appropriately engaged to understand the subjectivity of management’s valuations and the evidence that has been obtained to support these valuations. In such cases, it may be necessary for the auditor to evaluate whether there has been a thorough review and consideration of the issues, including any documentation, at all appropriate management levels within the entity, including with those charged with governance.

When markets become inactive or dislocated, or inputs are unobservable, management’s valuations may be more judgmental and less verifiable and, as result, may be less reliable. In such circumstances, the auditor may test the model by a combination of testing controls operated by the entity, evaluating the design and operation of the model, testing the assumptions and data used in the model, and comparing its output to a point estimate or range developed by the auditor or to other third-party valuation techniques.



Determining Whether the Assumptions Used by Management Are Reasonable

An assumption used in a model may be deemed to be significant if a reasonable variation in the assumption would materially affect the measurement of the financial instrument. Management may have considered alternative assumptions or outcomes by performing a sensitivity analysis. The extent of subjectivity associated with assumptions influences the degree of measurement uncertainty and may lead the auditor to conclude there is a significant risk.

Audit procedures to test the assumptions used by management, including those used as inputs to models, may include evaluating:

  • Whether, and if so, how, management has incorporated market inputs into the development of assumptions, as it is generally preferable to seek to maximize the use of relevant observable inputs and minimize unobservable inputs;
  • Whether the assumptions are consistent with observable market conditions, and the characteristics of the financial asset or financial liability;
  • Whether the sources of market-participant assumptions are relevant and reliable, and how management has selected the assumptions to use when a number of different marketplace assumptions exist; and
  • Whether sensitivity analyses indicate that valuations would change significantly with only small or moderate changes in assumptions.

The auditor’s consideration of judgments about the future is based on information available at the time at which the judgment is made. Subsequent events may result in outcomes that are inconsistent with judgments that were reasonable at the time they were made.

In some cases, the discount rate in a present value calculation may be adjusted to account for the uncertainties in the valuation, rather than adjusting each assumption. In such cases, an auditor’s procedures may focus on the discount rate, by looking at an observable trade on a similar security to compare the discount rates used or developing an independent model to calculate the discount rate and compare with that used by management.



What To Consider When a Management’s Expert Is Used by the Entity

Management may engage a valuation expert to value some or all of their securities. Such experts may be brokers, investment bankers, pricing services that also provide expert valuation services, or other specialized valuation firms.

Paragraph 8 of ISA 500 contains requirements for the auditor when evaluating evidence from an expert engaged by management. The extent of the auditor’s procedures in relation to a management’s expert and that expert’s work depend on the significance of the expert’s work for the auditor’s purposes.

Evaluating the appropriateness of management’s expert’s work assists the auditor in assessing whether the prices or valuations supplied by a management’s expert provide sufficient appropriate audit evidence to support the valuations. Examples of procedures the auditor may perform include:

1. Evaluating the competence, capabilities and objectivity of management’s expert for example: their relationship with the entity; their reputation and standing in the market; their experience with the particular types of instruments; and their understanding of the relevant financial reporting framework applicable to the valuations;

2. Obtaining an understanding of the work of the management’s expert, for example by assessing the appropriateness of the valuation technique(s) used and the key market variables and assumptions used in the valuation technique(s);

3. Evaluating the appropriateness of that expert’s work as audit evidence. At this point, the focus is on the appropriateness of the expert’s work at the level of the individual financial instrument. For a sample of the relevant instruments, it may be appropriate to develop an estimate independently, using different data and assumptions, then compare that estimate to that of the management’s expert; and

4. Other procedures may include:

  • Modeling different assumptions to derive assumptions in another model, then considering the reasonableness of those derived assumptions.
  • Comparing management’s point estimates with the auditor’s point estimates to determine if management’s estimates are consistently higher or lower.

Assumptions may be made or identified by a management’s expert to assist management in valuing its financial instruments. Such assumptions, when used by management, become management’s assumptions that the auditor needs to consider in the same manner as management’s other assumptions.