Updated: Jul 16, 2019
On 2 April 2019, Rachel Reeves MP, Chair of the Business, Energy and Industrial Strategy (BEIS) Select Committee, presented the Committee's report "Future of Audit".
To say the report is a disappointment would be a complete understatement.
I should be clear. I support the need for change within the audit industry. It is evident, with the number of issues reported by the FRC (and more broadly, by regulators around the world), that change is needed within the audit industry. The role of audit, and the importance of audit, cannot be underestimated. The outcomes of an audit are relied upon by man, and help provide certainty over a businesses future. Given the importance of audit, and the current state of the audit industry, I fully support that change needs to happen.
This report does not encourage change.
The scope of the Committee, and in particular this inquiry, is to:
...focus on the likely impact of the CMA market study and the review of the FRC (by Sir John Kingman) in improving quality and competition in the audit market and reducing conflicts of interest. The Committee intends to feed into the CMA study and ensure audit reform is linked to coherent reform of the wider corporate governance agenda.
To be fair, the report does focus on the CMA market study and the Kingman review, however to title the report "Future of Audit", is misguiding. A more apt name would be "How to further regulate audit" or perhaps "Better reviewing poor audits".
After reading the report (which can be read in full here), I am left frustrated at the lack of forward thinking and 'adventurousness' of the report.
The report rightly points out previous attempts to 'fix' the audit industry, noting that none of the prior attempts have been entirely successful. This is true, given that the FRC has reported an decrease in the quality of audits for consecutive years now. I have discussed this in previous blogs, such as the anniversary of Carillion. However there is nothing in the report that makes me feel that any new reforms will have the desired effects. The recommendations from this report, in my opinion, are doomed to the same fate as any previous attempts.
Stepping through the recommendations provided in the report, here are my issues:
As the report notes, graduated findings were first implemented by KPMG. KPMG actively approached clients to see if they would be interested in including these as part of their audit report. The uptake was poor, with only 9 clients wishing to include these in the audit report.
Whilst I believe graduated findings are a great idea, they will not improve the audit quality. Rather, I believe any graduated findings should be drafted alongside Internal Audit. Internal Audit should have adequate coverage across all high risk aspects of the business, meaning they are better placed to provide detailed findings than a financial statement audit team. Currently, Internal Audit teams are not required to report on their observations within an Annual Report despite being a part of the organisation throughout the entire year.
The construct of the Future of Audit report makes you believe that auditors should be responsible for being 'more forward looking' and that these graduated findings may help achieve this.
It is important to note that an audit is to provide a 'true and fair' view of the companies historical financial information. Whilst an auditor should perform a going concern assessment, the auditor should not be responsible for ensuring the longevity of the business. That is the responsibility of management and the Board, and this is why legislation (such as the Companies Act), exists. Whilst the auditor should identify any inconsistencies as part of their going concern assessment, it would almost be a death sentence making an Audit Partner sign an audit report confirming the future of a business based on historical information and future estimates. Anything can happen in the future, and it would be unreasonable to make anyone accountable for the future. This 'forward looking' concept should be confirmed, at a minimum, but the Board and Senior Management.
Widening the audit scope
The report discusses widening the audit scope to include the entire annual report. For starters, in my role as an auditor, I already review the annual report to ensure all information presented is consistent with the information presented within the financial statements. Any good auditor should be doing this. However, the recommendation is contradictory on a number of fronts:
The report already acknowledges the time pressures and resource constraints placed on audit teams. Widening the scope will not help eliminate these constraints.
The report mentions that smaller firms are not provided the opportunity to compete against the Big 4. Including a requirement to review the entire annual report may only further push some smaller firms out of the picture.
The Institute of Chartered Accounts Australia and New Zealand (ICAANZ) proposed the approach of 'Modular Audits'. Should audit firms be required to review an entire annual report, such an approach (which can be read about here), may be beneficial.
It should be clear to what extent the annual report should be reviewed. Such a bold statement by the committee runs the risk of creating a new 'expectation gap'. Furthermore, I believe this is another instance where Internal Audit can also assist.
Auditors presenting at the AGM
Whilst I agree auditors should front the Annual General Meeting's of their clients, I also believe that Internal Audit should also. As mentioned previously, as they are embedded in the organisation throughout the year, and report to the Audit Committee, the Internal Audit team should also be held accountable.
Separating audit from non-audit services
Again, I agree with the need for this, however question why firms are not already doing this. As an auditor within a Big 4 firm outside of the UK, a culture has been created to keep audit and advisory separate. Checks are performed prior to tending for any future engagements, with checks continuously performed throughout the engagement. Care is given to ensure there are no conflicts of interest, nor are there any perceived conflicts of interest. There are no incentives for 'upselling' or referring other services.
The structural splitting of firms (which both KPMG and BDO are currently considering), are unlikely to actually result in any real change. The report also struggles to explain how they have come to the conclusion that a structural split will address the issues currently being faced by the industry.
An alternative could be for the FRC (or Companies House) to obtain a listing of all services provided by the firm to the client during the audit period. This listing can be submitted alongside the submission of annual financial statements. Using Artificial Intelligence or data analytics, the regulator can make an assessment as to whether there is appropriate separation between audit and non-audit services. Penalties can be imposed for firms that failure to maintain separation. Furthermore, checks should be performed at audit firms to ensure that employees are not incentivised to seek fees through other services provided to the client.
Regulator to appoint the independent auditor
I understand the conflict that currently exists between the auditor and the client. The auditor needs to maintain a positive relationship with the client. In turn, there is the risk that clients choose audit firms that culturally fit with the organisation. This may, in turn, impact on the auditors actual or perceived independence.
The report fails to mention if this duty would become the responsibility of the FRC or the proposed Audit, Reporting and Governance Authority (ARGA). For this recommendation to be any success, the regulator responsible for appointing the auditor, should not be the regulator responsible for reporting on audit quality. If the FRC is to appoint the auditor, but also review the auditors quality, there is a massive conflict of interest here. There is no incentive for the FRC to admit when an auditor (which they appointed), did a bad job. Furthermore, is the regulator best placed to actually choose the auditor? Specialists (such as actuaries), or firms with large industry specific knowledge may be overlooked to favour smaller firms to balance out the number of audits being performed by the Big 4.
Finally, what authority and power does the regulator have to essentially spend company's money to appoint an auditor.
Given the numerous issues and controversies the FRC has been involved in over the past, it would not be recommended that additional responsibilities be provided to the FRC when the basics still need to be improved.
The report really does provide some good recommendations, however I am disappointed at how 'challenging' the report is. This report has the opportunity to provide some bold, forward thinking recommendations. Instead, I am left feeling that this report does nothing but give the illusion that the Government is 'doing something' to address the currently situation. However, it has already been proven that the Government is moving too slowly, with two firms already considering implementing some of the recommendations for this report. Early adoption of the recommendations by firms only further puts the Government on the back foot. When future issue arise, the Government will be in yet another awkward situation and unable to argue the fact that firms had already implemented all the proposed recommendations.
The current approach to regulation, fines, and naming and shaming, is clearly not working. Instead, a more proactive approach to prevent poor audit quality should have been recommended through this report. Some suggested recommendations (in addition to those already flagged in the report), could include:
Creation of price and resourcing floors, (i.e the amount of the audit fee, minimum audit time, minimum audit resources), should be dictated by an appropriate benchmark which is reflective of the businesses size, should be set. This will help create a level playing field between all audit firms, and ensure that audit quality is not impacted by time pressures or resource constraints. Further, where firms do face resource constraints, it may encourage 'team work' where mid-tier firms work collaboratively, thus creating more competition against the Big 4.
Use analytics. With advancements in technology and AI, regulators should harness more data from audit firms. This data can be used to better identify 'riskier' businesses, which could be earmarked for detailed quality reviews. Collection of data over a long period of time by the regulator can also help ensure businesses are compliant with the capital maintenance regime, assist with future looking viability of the business, and potentially even help identify audit short comings and inconsistencies.
Mandatory training (in addition to current penalties and fines) for audit firms that fail to meet minimum audit quality standards.
Whilst the work of the Committee and the various reviews should be acknowledged and appreciated, I am just very concerned that the recommendations are going to succumb to the same fate as previous reviews aimed at improving the audit industry.
I am hopeful that this review does encourage change. Our profession and our reputation need to improve if we are to remain valued and respected going forward.