Blog

SMSF is an audit that is to be conducted annually without any negotiation. This is where the role of Audit Contravention Report (ACR) comes in. Many auditors often misunderstand this rule, which is associated with SMSF compliance.

An ACR is a formal report your SMSF auditor must lodge with the ATO when a breach of superannuation law is identified during your fund’s annual audit. It doesn’t always mean penalties are coming, but it does mean the ATO is now watching.

Whether you’re a trustee trying to protect your retirement savings or an accountant managing multiple SMSF clients, understanding what triggers an ACR and how to respond can save you from serious compliance headaches down the track.

What Exactly Is an SMSF Audit Contravention Report?

Every SMSF must be audited annually by an approved SMSF auditor. In this process, the auditor not only checks the number, but also reviews whether your fund has been run in line with superannuation law.

Suppose the auditor spots a breach of the Superannuation Industry (Supervision) Act 1993 (SIS Act) or its Regulations. Also, if the breach meets certain reporting criteria, they are legally required to notify the ATO. They do this by lodging an Audit Contravention Report (ACR), also known as an Auditor Contravention Report.

It should be seen as a formal flag to the regulator. It doesn’t mean your fund is in crisis. It means a potential breach has been identified and the ATO needs to know about it.

Who Lodges the ACR – The Trustee or The Auditor?

The situation creates confusion for many trustees. The approved SMSF auditor holds sole responsibility for filing an ACR, while trustees and their accountants do not share this duty. Auditors must report all known or suspected violations to the ATO according to Section 130 of the SIS Act. The auditor has to inform the trustee at the same moment they submit their report to the ATO, which ensures you will receive complete information.

When Does an Auditor Have to Lodge an ACR?

The ACR must be lodged within 28 days of completing the audit, Australian Taxation Office, and not every contravention automatically requires one. The auditor uses seven specific reporting criteria to decide which violations should be documented as reportable breaches.

The most commonly triggered criteria include:

• The fund fails the SMSF definition test – The fund must be reported if it loses its SMSF status under Section 17A because its member or trustee structure has changed.
• The contravention is a repeat offence – The report must include the violation because trustees breached the same section again after receiving previous advice about the contravention. The ATO takes repeated non-compliance seriously.
• The financial threshold is crossed – An ACR must be lodged when all violations exceed $30,000 in total value or when violations account for more than 5% of the total value of the fund Assets according to SMS Magazine, which represents the smaller amount.
• The contravention involves illegal early access or lending – Section 65 violations trigger an ACR whenever money is lent to members or used for purposes that do not include retirement, according to the law.
• The fund’s financial position is at risk – The auditor needs to report their findings about member liability coverage because they believe that the fund’s assets will not be enough to cover all member liabilities.

What Are the Most Common Contraventions That Lead to an ACR?

According to ATO data and industry experience, these breaches represent the most common violations that occur in practice.

• Lending money to a member or their relative (Section 65)
• Acquiring assets from related parties outside the permitted exceptions (Section 66)
• Breaching the 5% in-house asset limit (Section 84)
• Failing to transact at arm’s length (Section 109)
• Not maintaining or following a proper investment strategy (Regulation 4.09)
• Not keeping adequate trustee records or minutes (Section 103)

What Happens After an ACR Is Lodged?

The ACR process does not lead to penalties for organizations that receive its results. The ATO uses a risk-based approach. The ATO contacts trustees between eight and twelve weeks after the ACR submission because they use the fund’s risk assessment.

The ATO can issue an education direction, a rectification direction, or assess financial penalties, while it may declare the fund non-compliant in extreme situations. First-time rectified breaches result in guidance according to ATO procedures, but organizations should not disregard ATO communications.

Can You Avoid an ACR?

Most of the time, people can achieve this goal. The best approach is proactive compliance throughout the year, not just at audit time. If your accountant or auditor flags a potential issue before the audit is finalised, act quickly. The auditing team should work together with trustees to resolve all violations. The documented procedure to address the problem creates substantial evidence to present to the ATO.

The practice of changing auditors to prevent negative results proves ineffective according to current knowledge. Auditors must report all discovered violations because their duty continues despite contract termination, and the ATO considers this behavior to be extremely unacceptable.

The Bottom Line

An ACR is not the end of the world. An ACR requires organizations to begin their compliance work. Trustees must monitor their fund obligations throughout the entire year. Accountants need to create a pre-audit review process, which should be part of their SMSF operations. Organizations should address problems at their initial detection point because it is more efficient than explaining issues to the ATO at a later time.