The Financial Reporting Council this week published its annual report covering results of its audit inspections during the last year.
These inspections do not involve technical review of financial statements but focus on the appropriateness of audit judgments and on identifying deficiencies in a firm’s audit work and quality control procedures.
Results improved overall compared with previous years, but with some polarisation. The percentage of audits given a top rating increased to 59% from 46%, but those where significant deficiencies were identified also rose to 15% from 10%. These were primarily audits of companies outside FTSE 350 and with a relatively high proportion of financial services firms.
FRC grouped key messages under six headings:
Audit quality – FRC is concerned that cost pressures and audit fee reductions, for instance as a result of tendering, may lead to compromise on quality, with insufficient work performed to identify material misstatements and the possible acceptance of inappropriately high materiality levels. As a result of this concern, FRC will undertake a thematic inspection of audit materiality.
Financial services – FRC acknowledges that audits of financial services involve more judgmental decisions on highly complex matters than in other areas. Two aspects are singled out as requiring improvement: audits of loan loss provisioning and reviews of general IT controls. With regard to loan loss provisioning, FRC identified lack of challenge to key assumptions and inputs used to determine both specific and collective provisions, inadequate corroboration of management explanations and insufficient verification of supporting calculations as particular concerns. As IT systems are so crucial to financial services operations, FRC calls for auditors to enhance their testing of internal systems and controls.
Professional scepticism – FRC highlights auditors’ reviews of assumptions used for impairment testing of goodwill and other intangibles as an area of particular concern.
Group audit considerations – one issue highlighted here is inadequate involvement of the group auditors in the audit of business components, especially where the legal group entity is little more than a ‘letterbox’. FRC stresses that relying on a sign-off from component auditors is not compliant with international auditing standards.
Auditor independence and ethical issues – FRC remains vexed by mention of targets for cross-selling of non-audit services and various issues relating to the independence of partners. FRC is undertaking a review of recent director appointments to identify breaches of ethical standards relating to appointments at entities previously audited by the director.
Audit quality monitoring – Internal auditor quality monitoring often produced more favourable results than FRC reviews, indicating a failure to challenge procedures sufficiently robustly.
Role of Audit Committees
A common thread throughout the FRC report is the importance of scrutiny by the company’s audit committee, or directors where there is no committee.
The audit committee must consider whether lower audit fees may create higher risk through a reduced scope of audit. The audit committee has a key role in ensuring that management has provided all relevant information to auditors and that the auditors have sufficiently challenged this in order to identify potential fraud. Audit committees need to challenge group auditors to explain the extent of their involvement in work performed by auditors of subsidiaries. They should also require audit firms to demonstrate independence not only in form but in substance. Audit committees should question auditors on the results of their internal reviews and on what improvements have been made as a result. Specifically in the financial services area, audit committees should challenge auditors to demonstrate steps taken to achieve necessary improvements in challenging loan loss assumptions and testing internal and IT controls.
Changes for 2013/14
FRC is planning greater interaction with audit committees, including a pilot scheme for discussion with the chair of the audit committee on commencement of each FRC inspection. FRC will also send audit committees copies of its audit reports at the same time as auditors receive them.
FRC intends a greater emphasis on the largest public interest entities, with inspections more proportionate to the potential impact arising from poor audits. The threshold for ‘major audits’ will change; most AIM company audits will no longer qualify. The frequency of audit reviews of some firms will be reduced.
In line with the FRC focus only on the largest audit firms, inspection of around 50 firms with ten or fewer audits within scope (i.e. of large entities) will be delegated in full to the relevant Recognised Supervisory Body, such as ICAEW, subject to the European Commission’s consideration of the extent to which audit regulators may delegate inspection activities to professional bodies. FRC will maintain oversight of the RSB’s arrangements.
FRC is from 2013/14 able to impose sanctions itself rather than only recommending these to the RSB, thereby achieving greater independence from the profession in determining sanctions.
FRC plans more co-operation with regulators internationally, in part due to the rise of Europe-wide accountancy firms.
Two thematic reviews are envisaged: (1) adequacy of auditors’ assessment of the risks of fraud and of compliance with laws and regulations; (2) levels of audit materiality selected by auditors.
A new third country auditor inspection regime commences 2013/14. This involves FRC reviewing a small number of audits undertaken by the 115 non-EU auditors of non-EU incorporated companies that have issued securities on UK regulated markets. Most of these are members of one of the Big Four international networks of accountancy firms.
FRC will itself focus more at the top end of the market, inspecting audits of firms where problems could have a systemic impact. The profession’s own regulatory bodies will undertake all other inspections.
Nevertheless, issues identified by FRC in this report and summarised above need to be taken seriously by auditors, audit committees and others assessing the quality of audit firms.
Professional negligence claims and disciplinary proceedings are likely to result where losses are incurred and auditors cannot demonstrate that they have properly addressed the risks and deficiencies raised by FRC. Ensuring professional scepticism in areas where there is a risk of fraud, challenges to management information especially where there are going concern issues and rigorous testing of systems and controls should be top of the priority list for review, with audit firms ensuring that they have robust training and compliance systems in place themselves in these areas.
Underwriters should focus on the number of financial services companies their insured businesses audit as part of their risk assessment, as well as the profile / experience of staff of any insured conducting audit work.