.png)
Hi,
With some focus coming onto this at the moment there seems to be a belief auditors should simply go onto registries to check holdings (at our time of course). I know this is a common practice but as auditors are we legally within our rights to take a HIN Number off a statement and log in? To me this is a private client portal where changes can actually be made like updating a TFN, addresses, mailing preferences etc, so interestingly I wonder if the auditors being sued in the Caddick case may argue this point when the suggestion is made they should have done registry checks.
Perhaps we really need something in our engagement letters that the client authroises us to access share registries?
Or the client should do the role of a Trustee and fulfil the 'Self Managed' component of their SMSF and check for themself and provide the information.
Also I think we may get a court precedent on this out of the Caddick case.
Thanks for a very pertinent question.
Fund auditors will always place an important emphasis on protecting sensitive and private information that is necessarily obtained and used in the process of conducting a fund audit.
From my own review of standard precedent SMSF audit engagement letters it does not appear to be commonplace to include an explicit reference to an authorisation of the fund auditor to access share registries.
Nevertheless, it would be interesting to hear the perspective of SMSF auditors as to whether they include such a reference in their engagement letters, or if they don't, do they think that they should?