17 June 2016 brought significant change to the regulation of the audit profession and to the practise of auditing, both in Ireland and in the wider EU. There are implications for many companies and their boards.
The new Statutory Audits Regulations1 (the "2016 Regulations") give effect in Ireland to much of the EU Audit Directive2 and give further effect to the EU Audit Regulation3. The 2016 Regulations amend significantly the supervisory framework for, and the professional standards of, the audit profession and also the requirements for the conduct of audits.
Many of the provisions of the 2016 Regulations apply generally but some apply in respect of public-interest entities ("PIEs") only. PIEs include entities any of the transferable securities of which are listed on an EEA regulated market, credit institutions, insurance undertakings and entities that are specifically designated as being PIEs.
The 2016 Regulations revoke the 2010 Statutory Audits Regulations4 (the "2010 Regulations") but:
- the 2010 Regulations will continue to apply to the conduct of statutory audits, and to the related duties and powers of statutory auditors and audit firms, for financial years that commenced prior to 17 June 2016; and
- the revocation of the 2010 Regulations does not affect their application, for the period prior to 17 June 2016, to matters that, before 17 June 2016, the 2010 Regulations addressed (eg criminal and regulatory investigations).
This briefing considers the key points of the 2016 Regulations and of the directly effective EU Audit Regulation.
Amendments to the Companies Act 2014
The 2016 Regulations amend the Companies Act 2014 to:
- expand the information and views to be included in the statutory auditor's report for all audited companies5;
- expand the objects and functions of the Irish Auditing and Accounting Supervisory Authority ("IAASA") to include oversight of statutory auditors and of the conduct of statutory audits, in accordance with the 2016 Regulations and the EU Audit Regulation;
- empower IAASA to investigate possible contraventions of the 2016 Regulations, the EU Audit Regulation and certain provisions of the Companies Act 2014 by a statutory auditor; and
- empower IAASA to impose on a statutory auditor, and the Director of Corporate Enforcement to impose on a relevant director of a PIE, any of a range of sanctions6 for breach by the statutory auditor of the 2016 Regulations, the EU Audit Regulation and certain provisions of the Companies Act 2014, subject to confirmation by the High Court.
The 2016 Regulations also prohibit any contractual clause that purports to restrict the members of a company in their selection of statutory auditor. Often such `auditor control' provisions were used in leveraged finance agreements.
Audit: Regulatory Framework
Other than in respect of PIEs, the regulatory framework of the audit profession remains broadly the same as under the 2010 Regulations: the recognised accountancy bodies remain the primary regulators of their members and IAASA operates as a `regulator of regulators'.
In this role IAASA supervises the performance of the recognised accountancy bodies in respect of (for example) investigative and administrative disciplinary systems in relation to auditors, adoption of standards on auditing, professional ethics and the internal quality control of audit firms, and continuing professional education requirements for auditors.
However, IAASA now is responsible for the direct inspection of the audits of PIEs, displacing the recognised accountancy bodies in this role. IAASA is given a wide range of powers to underpin this expanded role, including powers of investigation and to impose sanctions on auditors.
IAASA also is responsible for the adoption of standards on auditing, professional ethics and the internal quality control of audit firms (generally and not merely in respect of the audit of PIEs).
A greater amount of information on auditors and audit firms is to be made available on a public register that the Registrar of Companies will maintain.
The 2016 Regulations establish a detailed framework for cross-border co-operation between national competent authorities, such as IAASA, to supplement the provisions of the EU Audit Regulation (see below). The restrictions that the 2010 Regulations imposed on the transfer of "audit working papers and other documents" relating to an audit to a third-country competent authority are continued.
The regulatory and registration framework for third-country auditors wishing to practise in Ireland has also been updated.
Audit: Ethical and Professional Framework
The 2016 Regulations give statutory backing to the requirements of independence, objectivity and professional scepticism on the part of an auditor and apply as a matter of public law the professional rules on confidentiality and secrecy of each of the recognised accountancy bodies, to its members.
The 2016 Regulations also:
- require IAASA to adopt auditing standards and oblige auditors to act in accordance with those standards; and
- restrict the ability for a statutory auditor or "key audit partner" to take up any senior position in an entity that the person has audited.
Audits of Public-Interest Entities
In the case of a PIE, the 2016 Regulations:
- require that certain procedures are adopted for the selection and appointment of the statutory auditor;
- require that the PIE changes its statutory auditor at least every 10 years (following rotation, a statutory audit firm is not eligible for re-appointment as statutory auditor to that PIE for at least four years);
- restrict the entitlement of the statutory auditor to provide certain non-audit services7 to the PIE, but otherwise broadly prohibit the provision of nonaudit services by the statutory auditor to the PIE8; and
- broaden the function, roles and responsibilities of the audit committee of a PIE, while broadly re-enacting the relevant requirements of the 2010 Regulations.
Regulation (EU) No 537/2014
The principal purpose of the 2016 Regulations is to transpose the EU Audit Directive but they must be read in light of the EU Audit Regulation which applies to the audit of PIEs. From 17 June 2016, the EU Audit Regulation has direct effect in the State as though it were domestic law of Ireland.
Auditor Independence and Objectivity
The EU Audit Regulation:
- prohibits contingent fees for the provision of statutory audits to PIEs;
- restricts significantly the entitlement of an audit firm to provide non-audit services to a PIE (prohibiting the provision of such services entirely, in most circumstances);
- obliges a statutory auditor to undertake a documented assessment of whether the auditor is sufficiently independent to undertake or continue the audit;
- requires statutory auditors to report an irregularity to the authorities if the statutory auditor believes that the irregularity is not being addressed appropriately;
- requires the statutory auditor of a PIE to prepare and publish on its website, annually, a transparency report regarding the audit firm, addressing a wide range of matters that reflect on late to the independence and impartiality of the firm;
- obliges the statutory auditor of a PIE to provide fee-related information to the competent authority (for Ireland, IAASA); and
- prescribes a procedure for, and conditions to, the recruitment and appointment of a statutory auditor to a PIE.
Audit Standards and Quality
The EU Audit Regulation:
- obliges a statutory auditor to undertake a process of engagement quality control and to review draft audit findings;
- empowers the European Commission to adopt international auditing standards in respect of audit practice and auditor independence;
- prescribes the requirements of an audit report in respect of a PIE, and of a report to the audit committee of a PIE; and
- obliges a statutory auditor of a PIE to report any of a number of matters to the supervisor of the relevant PIE, such as a material breach by the PIE of laws governing its activities.
Audit Supervision, Oversight and CoOperation
The EU Audit Regulation:
- provides that, in respect of the audit of a PIE, audit quality assurance will be undertaken directly by IAASA by way of inspections of relevant audit firms;
- requires IAASA to monitor competition in the market for audit services to PIEs and identify risks in that sector of auditing;
- provides for the establishment of the Committee of European Auditing Oversight Bodies ("CEAOB") to organise the co-operation of national supervisory competent authorities; and
- requires national competent authorities to organise themselves into colleges of competent authorities, as appropriate, in order to supervise cross-border firms, networks of audit firms, etc.
Implications for Companies and Directors
These audit reforms will impact on Irish companies from the first financial year that commences after 17 June 2016.
The changes for boards of PIEs will be more significant than for those of other types of company as many aspects of the relationship between the board and the auditors, and between the audit committee and the auditors, will change: for example, selection and appointment procedures for auditors will be revamped, mandatory auditor rotation will be required and the non-audit services that the auditor may provide will be severely restricted.
Implications for non-PIEs will be less noticeable but important nonetheless. The auditor's report will expand in scope and content with obvious implications for the range and detail of the information that the auditor will seek from the directors in order to perform the auditor's expanded role. In this regard, the directors of every company the financial statements of which are audited should recall their obligation to provide all relevant audit information to the auditor, proactively9.
Together, the Companies Act 2014, the 2016 Regulations and the EU Audit Regulation are an important assurance of the credibility of the financial statements of Irish companies.