2020: a year of big changes for auditors?

Last month, Sir Donald Brydon published his final report into UK audit standards. It was the last of a series of reviews, performed by different authorities and individuals, that Theresa May’s government commissioned in 2018 after the high-profile collapse of Carillion.

The wide-ranging inquiry covered various elements of audit, including its regulator, the Financial Reporting Council (FRC); the Big Four accounting firms; auditor procurement and remuneration practices; and market competition and incentives.

Sir Donald, a former chairman of the London Stock Exchange, pulled no punches in his final review and described audit as a profession that has “lost its way”.

“Audit is in need of urgent reform if we are to increase confidence in business and increase the chances of preventing unnecessary corporate failures,” he added.

Sir Donald’s 135-page review contained 64 recommendations. Meanwhile, the Chartered Institute of Internal Auditors (IIA) published a new Code of Practice in January offering a further 38 proposals specifically for the internal audit profession.

So, what recommendations have been made? How will they be enforced? And what could these changes mean for the audit profession, including internal auditors? Let’s try to unpack some of these questions.

Audit profession recommendations

Sir Donald’s report, ‘Assess, Assure and Inform: Improving Audit Quality and Effectiveness’, is a comprehensive examination of the profession, leaving few stones unturned.

We won’t cover all 64 recommendations, but there are a number of headline-grabbing proposals that could spell significant reform for the industry in the years to come.

1. The creation of a standalone audit profession

According to Sir Donald, the audit profession is too important to act primarily as an adjunct to accounting. In other words, auditing should be separated out from accounting and given its own governing principles, qualifications and standards.

“At present, it is an extension of the accounting profession, whose ethics and

(arguably) mindset it largely adopts,” he states in the report.

The process of facilitating this shift would fall on the Audit, Reporting and Governance Authority (Agra), which will be replacing the FRC in the near future and should have expanded powers over its predecessor. The organisation would also be responsible for training and certification for a newly established corporate accounting profession, which could incorporate cyber security specialists and other professionals in addition to traditional auditors.

2. Redefining audits

The report emphasised the importance of broadening the audit mandate. While the purpose of an audit is to help establish and maintain deserved confidence in an organisation, external auditing is currently largely isolated to offering assurance on the accuracy of financial statements.

“Even with this restricted scope, it is only partially meeting even that objective,” Sir Donald observed.

The recommendation, therefore, is to take public interest more into account, with Agra developing a coherent framework for corporate audit that includes – but is not limited to – financial statements. This includes a more comprehensive examination of a company’s fundamentals.

Auditors could also be expected to provide assurance to investors that weakly capitalised companies possess sufficient cash reserves to pay dividends. Both Carillion and Thomas Cook paid multimillion-pound sums to shareholders shortly before they went bust. Shareholders should also be allowed to question auditors at annual general meetings to ensure better scrutiny of the process, according to the report.

3. Greater transparency over profitability

Several recommendations were made with regards to transparency:

  1. A requirement to publish the profitability of audits performed;
  2. The publication of senior statutory auditor remuneration and performance metrics relating to pay;
  3. The disclosure within audit reports of the hours spent by each auditor on audits; and
  4. The adequate separation of teams that negotiate audits fees from the ones that perform the audits.

The Big Four audit firms had previously been criticised by MPs for collecting £72 million in fees from Carillion prior to its collapse.

PwC was also fined £6.5 million for its audit work on BHS. The retailer went into administration barely a year after being sold by Sir Philip Green for £1, with PwC giving its finances the green light. It was later revealed that Steve Denison, a partner at the firm, had spent just two hours on the BHS audit. He was later fined £325,000 and banned from the profession for 15 years.

 

4. Better fraud detection and training

Last year, five people were arrested as part of a £94 million fraud investigation into Patisserie Valerie. The café chain sank into administration after being unable to secure funding when a black hole in its finances was exposed.

Patisserie Valerie’s auditor, Grant Thornton, was grilled by MPs for failing to spot accounting irregularities. At the time, Chief Executive David Dunkley said: “There has to be an acceptance that if there is a sophisticated fraud happening, the auditor may never see it. The audit is not designed to look for fraud.”

Sir Donald clearly disagrees, recommending that Agra should make it clear auditors must reasonably endeavour to detect material fraud. He also suggested regular forensic accounting and fraud awareness training, underpinned by formal qualifications.

The Internal Audit Code of Practice

Former IIA Chief Executive Dr Ian Peters welcomed Sir Donald’s review, urging the government to implement the recommendations as quickly as possible.

“We believe the Brydon recommendations strengthening the requirements on company directors in relation to governance, risk and internal controls should help to raise corporate governance standards,” stated Dr Peters, who stepped down at the end of 2019.

“Strong, effective and well-resourced internal audit functions have a central role to play in supporting boards to step up to the plate and meet these enhanced responsibilities.”

Indeed, hot on the heels of Sir Donald’s report, the IIA published its updated Code of Practice. Of the 38 recommendations made, the organisation highlighted five of the most important areas of change:

  • Unrestricted access: internal auditors should be able to look at any part of the company, as well as crucial management information.
  • Executive committee meetings: the ability to attend and observe these meetings should be extended to auditors.
  • Chief Internal Auditors: These positions should be directly employed within every organisation, even those that outsource their internal audit function.
  • CEO and audit committees: internal auditors should have a direct line to senior individuals as a means of increasing the function’s status.
  • Information sharing: internal and external audit functions should communicate regularly and share information to provide effective assurance. 

The new Internal Audit Code of Practice was commended by various industry groups, including the FRC, the ACCA, the ICAEW, CIMA and ACCIF.

What happens next?

The IIA Code of Practice is a principles-based framework that acts as a benchmark for organisations with internal audit functions. While businesses should aspire to follow the code, it is voluntary and audit departments can (and should) tailor the principles to fit their size, nature and risk profile.

Sir Donald’s review, however, could lead to significant statutory overhauls of the external audit profession. Business Secretary Andrea Leadsom has already said she is committed to reforming the industry, with a white paper on the issue potentially published in spring.

“Audit is in need of urgent reform if we are to increase confidence in business and increase the chances of preventing unnecessary corporate failures,” she explained in December.

“Sir Donald’s review, as well as work carried out by Sir John Kingman and the CMA, will help inform our reform of audit early next year.”

Only time will tell whether Sir Donald’s recommendations will be implemented wholesale or not, but fairly substantial reforms to the auditing profession seem a forgone conclusion.

How will internal auditors be affected?

The impact on internal auditors from large-scale reforms is difficult to predict. Many organisations may choose to map their internal audit functions to closely match the recommendations that the government implements from Sir Donald’s report.

This would ensure companies have a forward-looking approach to statutory audit requirements.

“Internal audit is a vital part of the overall assurance that companies provide their investors and stakeholders, which helps to build trust in business,” said Sir Jon Thompson, CEO of the Financial Reporting Council.

This is a significant time in the evolution of audit in the UK in light of the Kingman, Brydon and CMA reviews.”

Ultimately, our view is that the status of both internal and external auditors will rise in the coming years, with growing collaboration between the functions and an ever-increasing reliance on internal auditors to deliver a crucial third line of defence.

So, if you’re considering the future opportunities for your career in audit, please don’t hesitate to get in touch. At Barclay Simpson, we specialise in recruiting for the interrelated disciplines of governance, including internal audit, and can help you take the next step in your career.

Main image credit: Daniel_Nebreda via Pixabay

Inline image credit: Tumisu via Pixabay