Common AFM Findings on ISA 540 Estimates

Why estimates keep failing inspection

IFIAR’s annual survey has tracked the same deficiency categories across six global audit networks since 2014. Accounting estimates have topped the list for years. In the 2017 survey, 29% of the 918 inspected PIE audits had findings on estimates, making it the single highest category. PCAOB inspection reports echo this: the most common deficiencies relate to testing valuations in business combinations, goodwill impairment analyses, and expected credit loss provisions.

ISA 540 (Revised), effective for periods beginning on or after 15 December 2019, was explicitly motivated by these inspection findings. Yet the problem persists. The IAASB designed ISA 540 (Revised) to require a separate assessment of inherent risk for each estimate, to introduce a spectrum of inherent risk factors (estimation uncertainty, complexity, and subjectivity, plus the related judgment involved), and to require auditors to respond to those factors with procedures proportionate to the assessed risk. Three years into application, the deficiency rate hasn’t meaningfully declined.

In the Netherlands, the NBA incorporated mandatory training on ISA 540 (Revised) into its member programmes. AFM inspections have consistently flagged insufficient evidence on estimates as one of the top deficiency areas alongside fraud risk procedures, going concern, and understanding the entity. According to the AFM, the revised standard provides adequate requirements. Execution is where it breaks down.

Ignorance of the standard is not the root cause. It is the way estimates get audited in practice. Most audit teams approach an accounting estimate by obtaining management’s calculation, verifying the arithmetic, checking that the inputs tie to the underlying records, and documenting that the methodology is consistent with the applicable financial reporting framework. That process audits the mechanics. It does not audit the judgments. The assumptions embedded in the estimate — discount rates, growth projections, default probabilities, useful lives, provision percentages — are where management exercises judgment, where bias enters, and where the estimate can be materially wrong despite perfect arithmetic.

The risk assessment gap: inherent risk factors under ISA 540.16

ISA 540.16 requires the auditor to separately assess inherent risk for each accounting estimate by evaluating the degree of estimation uncertainty, complexity, and subjectivity (plus the degree of judgment involved). This is a change from the pre-revision standard, which did not require these factors to be assessed individually. The separate assessment determines the nature and extent of the auditor’s further procedures.

Most inspectors flag the same issue: auditors don’t perform the separate assessment. They assess the estimate as a whole (significant risk or not) without breaking down why. An estimate with high estimation uncertainty but low complexity requires a different response than an estimate with low uncertainty but high subjectivity. ISA 540.16 requires the auditor to identify which factors are driving the risk so that the response addresses the right dimension.

Estimation uncertainty

Estimation uncertainty exists when the estimate could reasonably take a range of values and the outcome is sensitive to assumptions about future events. The IFRS 9 expected credit loss provision is a textbook example: the estimate depends on forward-looking macroeconomic scenarios that are inherently uncertain, and small changes in probability weightings produce materially different results.

Complexity

Complexity arises when the estimate involves a method or model that is technically demanding. Fair value measurements using level 3 inputs under IFRS 13, for instance, often rely on discounted cash flow models with multiple interdependent variables. Testing such an estimate requires the auditor to evaluate the model itself, not just the inputs.

Subjectivity

Subjectivity exists when the estimate involves choices that depend on management’s judgment and cannot be independently verified. The useful life assigned to an intangible asset acquired in a business combination is subjective: there is no external data source that confirms whether seven years or twelve years is correct. Auditing this requires the auditor to evaluate the reasonableness of the judgment, including whether alternative assumptions would produce a materially different result.

When the file doesn’t distinguish between these factors, the procedures can’t be calibrated to the risk. The result is the finding the PCAOB and AFM identify repeatedly: auditors did not sufficiently test the significant assumptions used by management.

Testing assumptions versus accepting assumptions

ISA 540.26 gives the auditor a choice of approaches when responding to assessed risks for an estimate: develop an independent estimate, test management’s method and data, or test how management made the estimate. Most auditors choose the third option. The inspection finding is almost always the same: the test consists of agreeing the inputs to source data, verifying the arithmetic, and accepting the assumptions because management has provided a rationale.

Accepting management’s rationale is not testing. ISA 540.A120 requires the auditor to evaluate whether management’s assumptions are reasonable in the circumstances. That evaluation requires the auditor to consider whether alternative assumptions exist, whether the chosen assumptions are consistent with market-observable data, whether there are indicators of management bias, and whether sensitivity analysis demonstrates that the estimate is not materially sensitive to changes in assumptions that are within a plausible range.

The AFM’s inspection findings confirm that auditors frequently stop at the first step. They verify that the growth rate management used matches the internal budget. Next, they confirm that the discount rate was sourced from a third-party provider. And they check that the provision percentage is consistent with prior year. None of this tests whether the assumptions are reasonable. The growth rate could match the budget and still be unreasonable if the budget itself is optimistic. A discount rate could be sourced from a reputable provider and still be inappropriate if management selected a rate from the low end of the available range. And the provision percentage could be consistent with prior year and still reflect a systemic bias that has accumulated over time.

ISA 540.32 requires the auditor to evaluate whether the accounting estimates and related disclosures are reasonable in the context of the applicable financial reporting framework. IAASA (Ireland’s audit regulator) specifically noted in its 2020 guidance on ISA 540 (Revised) that auditors should take into account audit evidence that appears to contradict management’s assumptions, even when other evidence supports them. Contradictory evidence cannot be overridden by confirmatory evidence. Both must be weighed.

The retrospective review that catches bias (and the one that doesn’t)

ISA 540.19 requires a retrospective review of prior-period accounting estimates and, where applicable, of the assumptions and data used. The purpose is not to second-guess the prior-year audit. It is to identify indicators of management bias.

The AFM’s January 2025 fraud report (which covered the interaction between estimates and fraud risk under NV COS 240.33b) found that auditors perform the retrospective review mechanically without evaluating whether the results indicate directional bias. If a provision for warranty claims has been under-accrued in the same direction for four consecutive years, the retrospective review should identify that pattern and assess whether it indicates an intent to manipulate profit. A mechanical review that compares last year’s estimate to the actual outcome, concludes “within range,” and moves on will never catch this.

The retrospective review is also required by ISA 240.A46 as part of the fraud risk assessment for management override of controls. This dual purpose means the review should appear in both the ISA 540 estimate workpaper and the ISA 240 fraud risk documentation. Most files include it in one location but not the other. Inspectors check both.

Worked example: De Vries Machinebouw B.V.

De Vries Machinebouw B.V. is a Dutch machinery manufacturer with €45 million in revenue. The financial statements include two significant estimates: a warranty provision of €1.8 million (based on a 4% provision rate applied to revenue) and a goodwill impairment test for a 2021 acquisition valued at €3.1 million on the balance sheet. Your planning risk assessment identifies both estimates as having significant risk.

1. Assess inherent risk factors separately for each estimate (ISA 540.16)

Warranty provision: estimation uncertainty is moderate (the provision rate is based on historical claim data, which is observable), complexity is low (the calculation is a simple percentage), subjectivity is moderate (management selects the provision percentage and could bias it). The primary risk factor is subjectivity. Response focus: test whether management’s selected rate is supported by historical claim experience and whether alternative rates would produce a materially different result.

Goodwill impairment test: estimation uncertainty is high (the recoverable amount depends on a five-year cash flow projection), complexity is high (the discounted cash flow model uses multiple interdependent variables), subjectivity is high (growth rates and margin assumptions, alongside the discount rate, all involve management judgment). All factors are elevated. Response focus: test every significant assumption independently and run sensitivity analysis.

2. Test the warranty provision assumptions

Obtain the historical warranty claim data for the last five years. Calculate the actual claim rate for each year (total claims paid divided by revenue). Compare to management’s 4% provision rate. If the actual rates were 3.2%, 3.5%, 2.8%, 3.1%, and 3.4%, management’s 4% rate is consistently above actual experience. That is not conservative; it is potentially biased upward (creating a hidden reserve). The retrospective review should flag this pattern and the auditor should challenge management’s rationale for maintaining a rate that exceeds actual experience by 15–25% in every year of the sample period.

3. Test the goodwill impairment assumptions

Obtain management’s DCF model. Identify the four significant assumptions: revenue growth rate (management uses 6% for years 1–2, 3% for years 3–5), EBITDA margin (management uses 14%), discount rate (management uses 9.2%), and terminal growth rate (management uses 2%).

For each assumption: identify the source (internal budget, external market data, third-party valuation input), obtain the range of available data (sector revenue growth forecasts, peer company EBITDA margins, comparable discount rates from the same valuation provider), and assess where management’s chosen assumption sits within that range. If management’s 6% growth rate for years 1–2 exceeds published sector forecasts of 2–4%, the deviation requires explanation. Document the explanation and assess its plausibility.

Run a sensitivity analysis: what happens to the recoverable amount if the growth rate drops to 3% (the midpoint of sector forecasts) while all other assumptions remain unchanged? If the headroom between recoverable amount and carrying value disappears, the estimate is sensitive to the growth rate assumption, and that sensitivity must be disclosed under IAS 36.134(f).

4. Perform the retrospective review across both estimates

For the warranty provision: compare the prior-year provision to actual claims for each of the last five years. Present the table. Conclude on directional bias.

For the goodwill impairment test: compare last year’s projected cash flows (years 1–2 from the prior-year model) to actual cash flows achieved. If management projected €48 million in revenue and the actual was €43 million, last year’s projection was optimistic by 10%. This is relevant evidence for evaluating whether the current year’s projections are reasonable.

Your file checklist for ISA 540 estimate procedures

1. For each significant estimate, confirm that the file contains a separate assessment of inherent risk covering estimation uncertainty, complexity, and subjectivity (ISA 540.16). If the assessment says “significant risk” without identifying which factor drives the risk, the documentation is incomplete.
2. For each significant assumption, verify that the auditor identified the available range of inputs (from market data, sector forecasts, or peer comparisons) and documented where management’s chosen assumption sits within that range (ISA 540.A120).
3. Verify that sensitivity analysis was performed for estimates with high estimation uncertainty, showing the effect on the estimate of changing each significant assumption within a plausible range. If the estimate is sensitive to an assumption that sits above the market range, the file should document how this was resolved.
4. Confirm that the retrospective review of prior-period estimates presents direction and magnitude of variances, not just a pass/fail conclusion. If all variances are in the same direction, the file should document whether this indicates management bias (ISA 540.A125) and cross-reference to the ISA 240 fraud risk assessment.
5. For estimates relying on management’s experts (actuaries, valuers), verify that the auditor evaluated the expert’s competence and objectivity, as well as the appropriateness of the expert’s work for audit purposes (ISA 540.A104), not just accepted the expert’s report as audit evidence.

Common mistakes from inspection findings on estimates

• IFIAR’s surveys consistently identify the same root failure: auditors agree the inputs to source data and verify the arithmetic but do not test whether management’s assumptions are reasonable. The PCAOB’s most recent inspection reports confirm the pattern. If your estimate workpaper contains the phrase “management’s assumption appears reasonable based on our review of the underlying calculation,” the workpaper hasn’t tested anything.
• The AFM’s inspection approach for ISA 540 (Revised) includes a specific check for whether the auditor made a separate assessment of inherent risk using the three factors (estimation uncertainty, complexity, subjectivity). If your file assesses estimate risk as a single yes/no, the documentation will fail this check.
• The PCAOB flagged that auditors often do not evaluate contradictory evidence when it exists alongside confirmatory evidence. If one analyst’s sector forecast supports management’s growth assumption but two others contradict it, the file should document all of them and explain the weighting, not just cite the one that confirms management’s position.

Related tools and reading

Put audit concepts into practice with these free tools:

Related guides:

Frequently asked questions

Source references

• IFIAR, Annual Inspection Findings Survey (2014–2024)
• AFM, January 2025 supervision report on fraud risk procedures
• ISA 540 (Revised), Auditing Accounting Estimates and Related Disclosures
• IAASA, Guidance on ISA 540 (Revised), 2020
• PCAOB, Inspection Reports (2023–2024)