The adequacy of the work of external auditors of banks, credit unions and insurers was critiqued by the Australian Securities and Investments Commission yesterday.The critique was contained in ASIC's periodic report on its audit inspection program for 2012, which recorded a second year of declining performance.ASIC chairman Greg Medcraft has said that if auditors do not improve their performance, he will write to federal Treasury recommending greater regulation. The most likely regulation would be compulsory rotation of auditors.ASIC cited three main defects relating to the audits of banks and credit unions:• Insufficient and inappropriate audit evidence obtained to support the valuation of significant financial assets, such as trading derivatives and available-for-sale securities. ASIC said it had found instances where the auditor's substantive procedures were inadequate and the auditor had placed inappropriate reliance on controls and external confirmations to validate a valuation assertion.• Insufficient testing to assess the adequacy of provisions for loan losses.• Insufficient testing of the reported net interest margin.ASIC also found problems common to other industries. Auditors in various cases did not obtain sufficient appropriate evidence to support audit procedures on impairment, failed to apply professional scepticism or to properly perform analytical reviews, and relied on the work of others.In relation to the audit of insurance companies, ASIC highlighted:• A lack of sufficient professional scepticism about the sufficiency of the level of the "liability adequacy" provision and the calculation of the "probability of adequacy" for outstanding claim provisions.• Insufficient assessment by the auditor of whether work performed by the firm's internal actuarial experts on insurance liability provisions could be relied upon and was sufficient to support their conclusions on the adequacy of provisions.• Inadequate testing of key controls in the audited entity's underwriting system and insufficient testing to confirm internal controls operated for the entire audit period.The ASIC review also found that audits of banks, credit unions and insurance companies were often conducted using inappropriate sampling procedures.There is nothing in ASIC's audit report to put these concerns in context or to say whether they relate to any one class of bank or credit union, or are related to the work of particular auditing firms.ASIC's previous report on its audit program two years ago raised no specific concerns relating to the audit of financial services firms.ASIC said it produced its report after "reviewing specific areas in a limited sample of selected audit engagements."