Discover Thomson Reuters
By Christine Brentani
14 Min Read
LONDON (Thomson Reuters Regulatory Intelligence) – As more large firms go bankrupt in the UK, external auditors and the body that oversees them, the Financial Reporting Council (FRC), continue to be under a very bright spotlight.
A number of initiatives are underway. Auditors, themselves, are under review by the FRC. The Competition and Markets Authority (CMA) has proposed reforms{here} to improve competition in the audit sector. Additionally, the FRC, as an organisation, is being scrutinised by the UK government.
The Department for Business, Energy and Industrial Strategy (BEIS) launched a consultation in March 2019{here} to consider the implementation of recommendations proposed in Sir John Kingman’s Independent Review of the FRC{here}. The review recommended that the FRC be replaced altogether with a new regulator, to be called the Audit, Reporting and Governance Authority.
Separately in December 2018, the BEIS asked Sir Donald Brydon to conduct an independent review of the quality and effectiveness of audit{here}. The findings will be published later in 2019.
With the implementation of the proposed reforms to the sector, the audit profession will change over time. Knock-on impacts to internal audit functions at firms (also referred to as the third line of defence) may occur. In any case, the output from the various proposals provide some potential lessons for internal audit teams.
Following its Audit Review in June 2018{here}, the FRC said: “The Big Four audit practices must act swiftly to reverse the decline in this year’s audit inspection results if they are to achieve the targets for audit quality set by the Financial Reporting Council (FRC). … Across the Big [Four], the fall in quality is due to a number of factors, including a failure to challenge management and show appropriate scepticism across their audits, poorer results for audits of banks.”
The Big Four audit practices comprise Deloitte, EY, KPMG and PwC.
In its October 2018 Developments in Audit report{here}, the FRC said it would respond to the inherent challenges in the current audit model by launching a project on the future of corporate reporting and by looking at whether audit should go beyond the financial statements and be more forward-looking.
In December 2018, the FRC published the results of its “Audit Quality Thematic Review of Other Information in the Annual Report”{here}. In this report, the FRC said it “observed a number of instances where insufficient work was performed to support the statement auditors made in respect of other information in the auditor’s report”. The result was that users of the reports could become confused and there was a risk that material inconsistencies or misstatements could go undetected.
For example, the FRC said that firms did not generally require audit teams to obtain the company’s risk register and to consider its completeness as part of the auditor’s review and consideration of the principal risk disclosures in strategic reports. This was seen as a deficiency.
The findings in the reports represent examples of persistent concerns relating to audit quality that required rectification. Suggested improvements included:
– More prescriptive and targeted procedures, including templates and workbooks, to guide audit teams in the work they perform.
– Specific consideration of the other information at the planning stage of the audit.
– Greater emphasis on the review of key non-financial information, in addition to the financial information.
-Greater scepticism and more attention to the completeness of the information, particularly the principal risk disclosures, and their linkage with the viability assessment/statement.
– Consistently requiring boards to prepare, on a timely basis, separate papers and other documentation to support their fair balanced and understandable (FBU) and viability assessment/statements.
– Ensuring staff with appropriate experience and knowledge of the audit are assigned to review the other information to identify potential material misstatements and inconsistencies.
LESSONS FOR FIRMS IN RELATION TO INTERNAL AUDIT TEAMS: Although internal audit teams are likely to have their own policies and procedures, they could compare their systems with recommendations from the FRC for external audit to ensure they meet requisite standards.
Following its market study{here} into the statutory audit market in October 2018, the CMA published an update paper outlining serious competition concerns and proposing changes to legislation to enhance the functionality of the audit sector{here}.
In the paper, the CMA provided the following reasons why it believed audit quality was falling short:
– Companies choose their own auditors, and as a result, the CMA saw too much evidence of companies picking those with whom they had the best “cultural fit” or “chemistry” rather than those who offered the toughest scrutiny.
– Choice was too limited, with the Big Four audit firms conducting 97 percent of the audits of the biggest companies.
– Auditors’ focus on quality appeared diluted by the fact that at least 75 percent of the revenue of the Big Four comes from other services such as consulting.
In its paper, the CMA proposed legislation to:
– Separate audit from consulting services.
– Introduce measures to substantially increase the accountability of those chairing audit committees in firms.
– Impose a “joint audit” regime giving firms outside the Big Four a role in auditing the UK’s biggest companies.
The consultation on these proposals closed in January 2019 and the CMA will publish its final report and recommendations to the government later in 2019.
LESSONS FOR FIRMS IN RELATION TO INTERNAL AUDIT TEAMS: Firms should ensure that the “voice” of internal audit is held in high regard and that its role as a third line of defence remains strong.
For financial institutions, the FCA’s Senior Managers and Certification Regime (SMCR) Prescribed Responsibility (j) ensures that there is a senior management responsibility for safeguarding the independence and oversight of the performance of the internal audit function, in accordance with the internal audit requirements for SMCR firms and the Prudential Regulation Authority (PRA) requirements.
CONSULTATION ON RECOMMENDATIONS FROM THE INDEPENDENT REVIEW OF THE FRC
The result of Sir John Kingman’s “root and branch” review of the FRC, commissioned by the BEIS, was a report{here} recommending that that the FRC be replaced with an independent statutory regulator. The review also set out 83 recommendations on the detail of how the new audit regime should function.
In a letter{here} which was separate to the report, Sir John set out his thoughts with regard to whether fundamental changes were required to the way company auditors were appointed and how their fees were set. The BEIS said it will consult on the proposals in the letter separately.
The BEIS has issued a consultation on implementing the 83 recommendations in the review{here}. The consultation set out which recommendations could be implemented by the FRC and BEIS as soon as possible, which could be implemented following consultation and discussion (covered in the consultation paper or separately in the near future) and which required primary legislation or other considerations (for example, competition-related findings from the review would have to be considered alongside the findings from the CMA study on the statutory audit market).
The consultation covered recommendations in the areas set out below.
Among other functions, the recommendations called for the new regulator to be forward-looking, seeking to anticipate and where possible act on emerging corporate governance, reporting or audit risks, both in the short and the longer term.
The recommendations called for the provision of stronger powers to improve the effectiveness of the FRC’s current core functions: audit regulation, audit quality, corporate reporting, enforcements, accountancy oversight and stewardship.
The recommendations said that the new regulator should have a forward-looking role in overseeing company reports and should be risk-aware. The new regulator should be able to commission skilled persons reviews when required.
In its consultation, the BEIS said it would consider the case for adopting a strengthened framework for internal controls on a similar basis to the Sarbanes-Oxley regime{here} in the United States.
The recommendations set out how the new regulator should interact with the government and parliament and specified that the oversight of the new regulator should be similar to that of other public bodies.
The consultation said there should be no future actual or perceived conflicts of interest between FRC employees and its stakeholders.
The consultation confirmed that the new regulator will require a stable statutory funding base and that a statutory levy should be put in place. It also said that the new regulator should develop a staffing and resourcing strategy to meet the requirements established by the recommendations.
The consultations also made recommendations relating to competition, actuarial insight, local audit and the National Audit Office (NAO).
The consultation set out an indication of how it would take forward the recommendations in the review, and set out which should be taken forward as quickly as possible.
LESSONS FOR FIRMS IN RELATION TO INTERNAL AUDIT TEAMS: Internal audit teams could consider mapping their current operations to some of the proposals for the objectives, duties and functions of the new regulator. For example, internal audit teams should look at the following new regulator activity recommendations and check that they operate in a similar way:
– acts in a forward-looking manner, seeking to anticipate and where possible act on emerging corporate governance, reporting or audit risks, both in the short and the longer term;
– advances innovation and quality improvements;
– promotes brevity, comprehensibility and usefulness in reporting;
– is proportionate, having regard to the size and resources required and balancing the costs and benefits of recommended actions; and
– prioritises activity on the basis of risk.
The BEIS consultation on implementing the recommendations closes on June 11, 2019.
As the strength of external auditors increases following the new proposals, one consideration is whether this could subsequently lessen the importance of internal audit teams within firms.
It is likely that the role internal audit teams play as the third line of defence will remain as important as it currently is. The overall status of auditors, whether external or internal, should increase with the implementation of new rules for this sector.
“Although the reforms to external audit may, in time, have an impact on the importance of internal audit functions, a strong, independent and effective third line of defence is likely to continue to be extremely important and valuable for firms. An effective third line of defence can have myriad benefits, including when regulators have concerns; they may choose to rely on the firms’ own internal audit function instead of deploying more costly and intrusive regulatory tools such as visits or s 166 reviews”, said Dr Jimi Hinchliffe, chief executive of NJ Risk and Regulatory Consulting Ltd.
*To read more by the Thomson Reuters Regulatory Intelligence team click here: bit.ly/TR-RegIntel
(Christine Brentani is a member of the Thomson Reuters Regulatory Intelligence Team. christine.brentani@thomsonreuters.com)
This article was produced by Thomson Reuters Regulatory Intelligence – bit.ly/TR-RegIntel – and initially posted on Mar. 19. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters
Our Standards: The Thomson Reuters Trust Principles.
All quotes delayed a minimum of 15 minutes. See here for a complete list of exchanges and delays.
E