Newsflash – BEIS White Paper: Restoring Trust in Audit and Corporate Governance

The White Paper notes that the UK is consistently placed as one of the leading destinations for foreign investment in Europe and around the world, thanks to the strength of its workforce, innovation, and approach to better regulation. Reliable corporate reporting is vital to well-functioning financial markets, business investment and growth through enabling all interested stakeholders to make an informed assessment of a company’s performance and governance. It helps safeguard investors, creditors, employees, customers, suppliers and the wider public from corporate mismanagement. High quality reporting by directors allied with robust and challenging external audit should give confidence to all those with an interest in a company’s activities, position and prospects. The point is made that whilst corporate failure can happen, it should rarely be a surprise.

The Government believes that fundamental reform of the framework underpinning audit and corporate reporting is needed to rebuild public trust in the way the largest companies are run and scrutinised. The UK has long held a hard-earned reputation for high standards of corporate governance and robust protections for investors and other stakeholders, and this is vital to making the UK attractive to international business and investment. The White Paper proposals represent steps to address the weaknesses and lack of accountability that the Kingman, Brydon and CMA reviews have highlighted so that this reputation can be maintained and enhanced.

Recognising the extensiveness of this paper and the challenges of the current environment, BEIS has allowed a sixteen week consultation period. Responses should be submitted to BEIS by 8 July 2021. The paper makes clear that there is no need to respond to every element of the paper. The department is keen to gather as many views as possible and we encourage you all to provide input to this very important once in a generation consultation on the future of many aspects of UK corporate activity.

The FRC is planning an extensive series of engagement activities on the matters covered in the consultation paper and we encourage you to participate where possible.

Quote from Kwasi Kwarteng, Secretary of State for Business, Energy & Industrial Strategy

“It is vital that investors, financial markets and all those who depend on the largest companies in the UK can continue to rely on the information they publish. I am determined to reinforce the UK’s position in the wake of large corporate failures that have led to job losses and uncertainty among small businesses and local communities. I want to ensure investors can get high quality, focused and reliable information on UK companies so they can invest here with even greater confidence.”

Quote from Sir Jon Thompson, CEO Financial Reporting Council

“I welcome today’s publication as a significant milestone towards setting up a new, robust and independent regulator, which has the necessary powers to deliver its objectives, and on the ambitions set out in the three independent reviews.

We will now work with colleagues in government and other regulators to ensure that the UK has an effective and clear regulatory framework, well understood by those we regulate and which supports high standards of audit, corporate reporting and corporate governance; helping to reinforce the United Kingdom’s position as a key global centre for investors and businesses.”

Quote from Stephen Griggs, UK Managing Partner, Deloitte

“We’ve been consistent in our support for reform as the need for change is clear. It is important that changes in audit are complemented by reforms to the governance of the UK’s largest and most complex businesses and those with a significant impact on public interest. Defining which entities are captured by new reforms is key to ensuring they are focused where they are most needed, not on smaller entrepreneurial businesses.

“It is critical that input into the consultation is given not just by audit firms and policymakers, but investors, company directors, audit committee chairs and industry bodies at large. Only widespread input from across the business community will ensure audit and the whole corporate governance regime evolves to better meet society’s expectations.”

It is a long document and this summary reflects that. We have organised this briefing into sections and have summarised the most significant proposals:

• Proposals in relation to the responsibilities of, and reporting by directors
• Proposals impacting the work of audit committees
• Proposals on the future of audit
• Proposals for the future of the FRC
• Proposals for the investor community

1. New regulatory regime for directors

Original recommendation – The Review recommends that the Government, working with the new regulator, should task the regulator to develop detailed proposals for an effective enforcement regime in relation to Public Interest Entities that holds relevant directors to account for their duties to prepare and approve true and fair accounts and compliant corporate reports, and to deal openly and honestly with auditors. The Review recommends that this should apply to: a company’s CEO, CFO, chair, and audit committee chair. (Source: Kingman 36)

Proposal (Section 5.1) – The Government intends to legislate to provide ARGA with the necessary powers to investigate and sanction breaches of corporate reporting and audit-related responsibilities by PIE directors. The proposed regime will give the regulator new powers to take civil (not criminal) enforcement action against PIE directors in relation to breaches of existing PIE directors’ duties relating to corporate reporting and audit (and any new duties which are introduced further to this consultation, for example in relation to internal controls). Under the proposals, directors’ disqualification proceedings would remain with the Insolvency Service, so ARGA would continue to refer cases to the Insolvency Service where appropriate.

The proposal is aimed at all PIE directors rather a specific sub-set of the board following concerns that if the proposal were to focus on four specific director roles, as suggested by the Review, this would undermine the collective responsibility of the board.

The proposal is aimed at all PIE directors rather a specific sub-set of the board following concerns that if the proposal were to focus on four specific director roles, as suggested by the Review, this would undermine the collective responsibility of the board.

• the duty to keep adequate accounting records;
• the duty to approve accounts only if they give a true and fair view;
• the duty to approve and sign the annual accounts;
• the duty to approve the directors’ report; and
• the duty to provide a statement as to disclosure to auditors and to provide information or explanations at the request of the auditor.

ARGA will also be given the power to impose more detailed requirements as to how certain statutory duties relating to corporate reporting and audit are to be met by directors.

The Government believes that this regime can be complemented by giving further attention to contractual provisions in directors’ remuneration arrangements concerning malus and clawback to ensure that remuneration can be withheld or recovered in the event of serious director failings. Initially this will be done by asking ARGA to consult on changes to the UK Corporate Governance Code to include provisions which recommend that certain minimum clawback conditions or “trigger points” are included in directors’ remuneration arrangements and that these have a minimum period of application of at least two years after an award is made.

2. Exploring options for attestation on internal controls

Original recommendation - BEIS should give serious consideration to the case for a strengthened framework around internal controls in the UK, learning any relevant lessons from operation of the Sarbanes-Oxley regime in the US. The pros and cons of options for change should be analysed and consulted upon, giving special consideration to the importance of proportionality in relation to the size of the company. (Source: Kingman 51)

PLUS I recommend that the Government gives serious consideration to mandating a UK Internal Controls Statement consisting of a signed attestation by the CEO and CFO to the Board that an evaluation of the effectiveness of the company’s internal controls over financial reporting has been completed and whether or not they were effective, as in SOX 302(c) and (d). This attestation should be received by the Board no later than 28 days before the accounts of the company for the relevant financial period are signed. The Board should then report to shareholders that it has received such an attestation. (Source: Brydon 13.1.8)

Proposal (Section 2.1) – Views are sought on the following three options, which are not intended to be mutually exclusive:

• Company directors should be required to carry out a review of the effectiveness of their company’s internal controls each year and make a statement, as part of the annual report, as to whether they consider them to have operated effectively. The statement should disclose the benchmark system used and explain how the directors have assured themselves that it is appropriate to make the statement.
• The audit report should describe the work the auditor is already required to do to understand the company’s internal control systems to the extent needed to perform the audit, and to state how that work has influenced the audit, but without a formal auditor opinion on the internal controls’ effectiveness being required.
• The auditor should be required to provide a formal opinion on the directors’ annual attestation about the effectiveness of the company’s internal controls, potentially limited to key internal controls over financial reporting, or a sub-set of that.

The Government has set out a tentative preferred option which would require a directors’ statement about the effectiveness of the internal controls, but (unlike the US’s approach to internal controls which mandates external auditor attestation in most cases) leave the decision on whether the statement should be assured by an external auditor to the directors, audit committee and shareholders. The paper makes clear that this preferred option is not intended to shut down discussion of alternatives.

3. Publication of principal risks & audit plan for engagement with shareholders

Original recommendation – I recommend that the directors’ Risk Report should be published prior to the audit committee meeting at which the scope of the next audit is determined and endorsed, leaving sufficient time for shareholders to comment. Alongside, the audit committee should publish a formal invitation to shareholders to express any requests they have regarding the areas of emphasis they wish the auditor to incorporate in the audit plan. The audit committee should state the auditor’s proposed materiality levels for the forthcoming audit with this invitation. (Source: Brydon 9.1.4)

Proposal (Section 7.3) – The Government agrees that a formal mechanism should be established to enable audit committees to gather shareholder views on the audit plan. The Government is clear, however, that shareholder views should be purely advisory in nature and supplemental to the auditor’s to ensure that the auditor retains autonomy for the way the audit is conducted. While a wide range of risks affecting the audited entity will be of interest to shareholders, the auditor should not be required to consider proposals which fall outside of the scope of the company audit.

The proposals support the view that shareholders would benefit from having access to the latest assessment of principal risks but the Government believes that the audit committee should only be expected to make an additional disclosure if there has been a material change to the principal risks facing the company since those already disclosed in the last annual or interim report. Where suggestions for consideration from shareholders go wider than issues that can be considered as part of the company audit (for example business or strategic risks), these could be considered as part of the proposed Audit and Assurance Policy (see below).

The audit committee would take responsibility for setting out in its report in the annual report which shareholder suggestions put forward for consideration had been accepted or rejected by the auditor.

Initially it is proposed that this should apply only to the audit committees of premium listed companies and be introduced through a change to the UK Corporate Governance Code (and/or associated guidance for audit committees).

4. The Resilience Statement

Original recommendation – I recommend the board should make a Resilience Statement that incorporates, enhances and builds on the Going Concern and Viability Statements. (Source: Brydon 18.1.2)

Proposal (Section 3.1) – The Government proposes to introduce a statutory requirement on public interest entities to publish an annual Resilience Statement, consolidating and building on the existing going concern and viability statements. The Government proposes that the Resilience Statement should be required initially of premium listed companies, in view of their existing experience of producing viability statements, and should extend to other public interest entities two years later.

The Government accepts the Brydon Review proposal that the Resilience Statement should address business resilience over the short, medium and long-term.

The short-term section of the Statement would incorporate companies’ existing going concern statement, including disclosure of any material uncertainties considered by management during their going concern assessment, which were subsequently determined not to be material after the use of significant judgement and/or the introduction of mitigating action.

The medium term section of the Statement would incorporate the existing viability statement requirements to provide an assessment of the company’s prospects and resilience, and to address matters which may threaten the company’s ability to continue in operation and meet its financial liabilities as they fall due. However, the Government proposes a mandatory assessment period of five years, rather than the three year period currently chosen by most companies who produce viability statements. The Government is keen that companies do more to evidence scenario planning and intends, at this stage, to require companies to include at least two reverse stress testing scenarios in their Resilience Statement.

The Government is also proposing to require further specific disclosures in both the short and medium-term sections of the Resilience Statement. These might include:

• threats to liquidity, solvency and business continuity in response to a major disruptive event (such as a pandemic) which disrupts normal trading conditions;
• supply chain resilience and any other areas of significant business dependency (e.g. on particular markets, products or services);
• digital security risks (including both external cyber security threats, and the risk of major data breaches arising from internal lapses);
• the business investment needs of the company to remain productive and viable;
• the sustainability of the company’s dividend and wider distribution policy; and
• climate change risk.

The content of the long-term section will not be prescribed but should set out what the directors of the company consider to be the main long-term challenges to the company and its business model, and how these are being addressed. These might include the impact of long-term changes in demographics, technology, consumer preferences and other identified trends on the company’s long-term business model. The Government is seeking views on whether the Resilience Statement could provide a means for companies in future to provide disclosures consistent with the recommendations of the Taskforce on Climate-related Financial Disclosures (TCFD), in whole or part.

The Government’s preferred implementation route at this stage is to implement the Resilience Statement through legislation as a new section of the existing Strategic Report, supported by non-statutory guidance to be maintained by ARGA.

5. Options for assurance on “Front Half” areas such as climate, APMs and KPIs

Original recommendation – I recommend that Alternative Performance Measures and Key Performance Indicators should be subject to audit. (Source: Brydon 20.1.5 & 20.2.8) PLUS In the world of audit beyond today’s statutory audit, a similar process for setting scope would be followed. Here the breadth of the discretionary audit scope would be proposed by the audit committee in the same way. Now, at the same time, it would be open to the audit committee to indicate its intention that CO2 emissions, or published oil reserves, for example, are to be subjected to an audit process. The audit committee invitation to shareholders would include reference to the information which they wish to have audited and in what manner. (Source: Brydon 9.2.2/3)

Proposal (Section 6.7) – The proposed Audit and Assurance Policy (see below) process will empower investors to ask companies to obtain specific assurance on Alternative Performance Measures (APMs) and Key Performance Indicators (KPIs) linked to remuneration, beyond any arising from the statutory audit of the financial statements, should they wish to do so. The Government also notes that companies may wish to engage a different firm to provide specific assurance on APMs or KPIs linked to remuneration, in particular non-financial KPIs for which specialist expertise is needed (e.g. employee satisfaction metrics, carbon emissions or oil reserves). It therefore cannot be assumed that the statutory auditor is always best placed to provide any assurance which companies and their shareholders may wish to obtain. The Audit and Assurance Policy will enable companies to explain their rationale for proposing to engage a particular firm and invite shareholders’ views as appropriate.

6. Capital maintenance

Original recommendation – I recommend that the directors, in proposing a dividend, would need to make a statement that the payment of this dividend in no way threatens the existence of the company in the ensuing, say, two years in the light of the risk analysis undertaken. The directors should also confirm that this statement is consistent with the Resilience Statement, has been assured in accordance with the Audit and Assurance Policy and that this dividend is within known distributable reserves. [A] dividend can only be recommended by the directors if the level of the distributable reserves is established and payment of that dividend is consistent with obligations of the directors under the Companies Act and consistent with the Resilience Statement. (Source: Brydon 19.7 & 19.8)

Proposal (Section 2.2) – The following reforms are proposed in relation to dividends and capital maintenance:

• companies (the parent company in the case of a group) should disclose the total amount of reserves that are distributable, or – if this is not possible – disclose the “known” distributable reserve, which must be greater than any proposed dividend;
• in the case of a group, the parent company should provide an estimate of distributable reserves across the group; and
• directors should state that any proposed dividend is within known distributable reserves and that payment of the dividend will not, in the directors’ reasonable expectation, threaten the solvency of the company over the next two years.

Views are invited on proposals to give ARGA new powers in relation to how companies should calculate their distributable reserves. Currently, guidance in this area rests with the professional accountancy bodies.

7. Directors’ obligations in relation to fraud

Original recommendation – I recommend that directors should report on the actions they have taken to fulfil their obligations to prevent and detect material fraud against the background of their fraud risk assessment. (Source: Brydon 14.2.2)

Proposal (Section 6.4) – The Government proposes to legislate to require directors of Public Interest Entities to report on the steps they have taken to prevent and detect material fraud and believes that this will reinforce directors’ primary responsibility for fraud prevention and detection and may also, in some cases, enhance their focus on the risks relating to fraudulent financial reporting.

8. Payment practices

Original recommendation – I recommend that directors report to shareholders on their company’s payment policies and performance and that this be subject to some level of audit, as described in the company’s Audit and Assurance Policy. (Source: Brydon 21.5)

Proposal (Section 3.3) – A specific option being considered is to require the annual reports of PIEs to provide a summary of how the company – or group in the case of a parent company – has performed with regard to supplier payments over the previous reporting year, and to comment on how this compares to the year before that. This could be achieved by requiring companies to include this information in their strategic report.

The Government suggests at this stage that companies in scope could be required to summarise (at a group level in the case of parent companies):

• the company’s supplier payments policy, including its standard payment terms and shortest and longest standard payment period;
• the percentage of the company’s supplier payments that met its standard terms and, where this figure is less than 80%, an explanation of why this occurred and what actions the company plans to take to improve its payments record; and
• where such an explanation was required in the previous year’s annual report, an update in the following year’s report on the actions that were taken to improve the payments record and any additional steps proposed.

9. Supervision of corporate reporting

Original recommendation – The Review recommends that the new regulator should be given a power to direct changes to accounts rather than having to go to court. (Source: Kingman 25) PLUS The Review recommends that CRR findings are reported publicly by the regulator. The regulator should publish full correspondence following all CRR reviews, and the findings should be published in a set timeframe. (Source: Kingman 26) PLUS The Review recommends that the stronger corporate reporting review process described earlier should be extended to cover the entire annual report, including corporate governance reporting. This should be done on the basis of risk. (Source: Kingman 29) PLUS The Government, working with the FCA and the new regulator, should consider whether there is a case for strengthening qualitative regulation around a wider range of investor information than is covered by the FRC’s existing corporate reporting work, to ensure that disciplines to drive up the quality of companies’ disclosures in the UK are at least as demanding as best practice internationally. (Source: Kingman 30)

Proposal (Section 4.2) – The Government will replace the regulator’s current power to seek a court order with a power to direct changes to reports and accounts. The Government will give the regulator powers allowing it to publish correspondence entered into during the course of a CRR review, as well as summary findings. The Government will also legislate to extend both the existing power to request information from companies and the new power to direct changes to accounts to cover the entire content of the annual report. The Government has asked the FRC to undertake a pilot study of preliminary results and investor presentations, working with the FCA, to establish the extent of any inconsistencies between this information and the subsequent annual report and accounts. The FRC, FCA and the Government will review outcomes from the study once it is complete. If the conclusion is that applying the CRR process to a wider range of investor information has the potential to increase its quality and reliability and help strengthen the existing market supervisory regime, it should become a permanent feature of the regulator’s work. If that is the case, and subject to any further views from consultees, the Government will ensure that the regulator is given the additional powers needed to undertake this work effectively.

10. Definition of public interest entity

Original recommendation – The Government should review the UK’s definition of a PIE. (Source: Kingman 18)

Proposal (Section 1.3) – The Government believes that regulation by ARGA should focus on public interest entities. Auditors and audits of those entities are already subject to more stringent requirements and oversight. The Government intends to introduce a wider definition of ‘public interest entity’ to ensure that large businesses which are of public importance are subject to appropriate regulation.

Private companies - The Government proposes to extend the UK’s PIE definition to include large companies within certain limits regardless of whether they are admitted to trading on a regulated market. Two options have been put forward:

Option 1: Adopting the test used to identify those large companies which are already required to include a corporate governance statement in their directors’ report, i.e. all companies with either:

• more than 2,000 employees; or
• a turnover of more than £200 million and a balance sheet of more than £2 billion.

Option 2: a narrower test which incorporates the threshold for additional non-financial reporting requirements for existing PIEs, and would mean the definition of a PIE was only extended to large companies with both:

• over 500 employees, and
• a turnover of more than £500 million

It is estimated that Option 1 would mean that approximately 1,960 entities would be brought within the definition of a Public Interest Entity, whereas option 2 would mean around 1,060 additional entities being caught by the definition.

AIM companies - The Government intends that any new definition of PIE should also include companies on the exchange-regulated AIM market with a market capitalisation above €200m.

Newly listed companies – The Government is considering whether to make the transition to listed status easier by making compliance with some or all of the proposed new PIE requirements optional for a period of time after flotation, subject to gross revenues remaining below a specified threshold.

1. Regulatory framework for audit committees

Original recommendation – Robust regulatory oversight of the committees that run the selection for audited companies, and oversee the audit, to make them more accountable and ensure that they prioritise audit quality. (Source: CMA)

Proposal (Section 7.1) – The Government proposes to require ARGA to impose additional requirements on audit committees in relation to the appointment and oversight of auditors. These requirements will cover the need for audit committees to continuously monitor audit quality, and consistently demand challenge and scepticism from auditors. The requirements set by the regulator will initially apply in relation to audit committees of FTSE 350 companies and will set minimum standards which audit committees will be free to exceed as they wish. The Government is also proposing regulatory powers for ARGA where problems exist, such as when an auditor resigns, when a public interest entity (PIE) is unable to find an auditor and when a persistent issue with audit quality is identified.

The Government proposes to impose a duty on ARGA to monitor compliance with the new audit committee requirements, including through a power to require information and/or reports from audit committees, and a power to place an observer on audit committees if necessary. ARGA will have the power to take action in relation to breaches of the new audit committee requirements.

2. The Audit & Assurance Policy

Original recommendation – I recommend that the audit committee publish a three-year rolling Audit and Assurance Policy which would be put to an annual advisory vote by shareholders for approval at the Annual General Meeting. (Source: Brydon 10.0.3)

Proposal (Section 3.2) – The Government agrees with the Brydon Review recommendation and proposes to introduce a statutory requirement on public interest entities to publish an annual Audit and Assurance Policy that describes the company’s approach to seeking assurance of its reported information over the next three years. In the case of quoted public listed entities, the Policy would be subject to an advisory shareholder vote at the time of its publication. The Government is minded that the Policy would be required initially of premium listed companies, and extend to other public interest entities two years later.

The Government invites views on whether the Policy should include the following at a minimum:

• An explanation of what independent assurance, if any, the company intends to obtain in the next three years in relation to the annual report and other company disclosures beyond required by statutory audit. The Government proposes that this should include an explanation of what independent assurance, if any, the company plans to obtain in relation to:
  
  − the company’s Resilience Statement in whole or part, and other disclosures related to risk; and
  
  − the effectiveness of the company’s internal controls framework.
• A description of the company’s internal auditing and assurance processes. This might include how management conclusions and judgements in the annual report and accounts can be challenged and verified internally, and whether, and if so how, the company is proposing to strengthen its internal audit and assurance capabilities over the next three years.
• A description of what policies the company may have in relation to the tendering of external audit services (for example, whether the company is prepared to allow the external company auditor to provide permitted non-audit services).
• An explanation of whether, and if so how, shareholder and employee views have been taken into account in the formulation of the Audit and Assurance Policy.

1. A new professional body for corporate auditors

Original recommendation – I recommend that ARGA acts as the midwife to create a new profession of corporate auditing, establishing the necessary professional body, to encompass today’s auditors and others with appropriate education and authorisation. ARGA would be the statutory supervisory body for that profession. (Source: Brydon 6.0.11)

Proposal (Section 6.9) – The audit, done well, should be an ally of good business behaviour and a spur to directors to meet their legal obligations to shareholders, creditors and other stakeholders, which ultimately serves the public interest. Auditors check for directors’ compliance with legal duties and accounting standards and provide an opinion that the accounts are free from material misstatement. That is important, but it does not address the increasing expectations of shareholders and other users of company reporting that the audit report should be more forward looking and informative.

The Government is clear that reform is needed to drive a new auditor mindset and to strengthen the resilience and integrity of the audit market. Central to achieving this is the proposed creation of a new, stand-alone audit profession, underpinned by a common purpose and principles – including a clear public interest focus – and with a reach across all forms of corporate reporting, not just the financial statements.

2. Principles of Corporate Auditing

Original recommendation – I recommend that the Principles of Corporate Auditing should be established to form an overarching framework governing the behaviour of corporate auditors, and that standards and rules should sit within this framework. (Source: Brydon 6.3.4)

Proposal (Section 6.3) – The Government is minded to introduce a new legal framework to empower the regulator to set and enforce new principles of corporate auditing that would apply to both statutory auditors and those appointed to provide auditing services via the Audit & Assurance Policy. It commends the principles suggested by the Brydon Review as a starting point for the regulator’s consideration, along with responses to this consultation.

3. Enhanced reporting by auditors

Original recommendation – I recommend that auditors should be free to include original information, materially useful to a wide range of users, in their audit report and at the AGM, and not be confined to commenting on that which has already been stated by directors. (Source: Brydon 5.3.2) PLUS I recommend that this obligation should be extended to material outside the Annual Report that is used in investor presentations and RNS announcements. (Source: Brydon 5.3.12)

Proposal (Section 6.5) – The Government intends to legislate to require auditors of Public Interest Entities, as part of their statutory audit, to report on the work they performed to conclude whether the proposed directors’ statement regarding actions taken to prevent and detect material fraud is factually accurate. Such reporting will enable users to understand the nature and extent of the work performed and the evidence obtained by the auditors relating to the actions which the directors state they have taken.

The Government is minded to give auditors a specific responsibility to consider relevant director conduct and wider financial or other information in reaching their judgements, in particular whether financial statements give a “true and fair view”. This would be a statutory requirement of auditors. The requirement would not require the additional information to be audited, but the auditor would be expected to shape their work on the financial statements according to this broader understanding of the company’s position and strategy.

In relation to graduated findings, the FRC has agreed to consider the recommendations of the Brydon Review and the FRC Review relating to auditor reporting holistically, and will consult, as appropriate, on any proposed changes to its standards. In doing so, it will seek to balance promoting innovation and competition amongst auditors with the potential benefits, in terms of comparability between companies, of a common framework for enhanced reporting.

In relation to amending the “true and fair” opinion, the Government supports developing a new user guide to audit and the FRC has agreed to take this forward. The Government considers this is likely to prove more effective in improving user understanding than replacing “true and fair” in audit reports with “present fairly, in all material respects”. Changing the wording of the legislative test also carries the risk of unintended consequences. A new user guide could explain how the true and fair requirement is applied by auditors in practice, making clear that this involves an assessment of whether key accounting estimates and judgements underlying the numbers reported in the financial statements are both reasonable and adequately disclosed.

4. Publication of AQR reports

Original recommendation – The Review recommends that the new regulator should work towards a position where individual audit quality inspection reports, including gradings, are published in full upon completion of AQRs. This will, however, be a major step, requiring a high level of confidence in the AQR process. For the present, as a first and interim step, the Review recommends publication of AQR reports on an anonymised basis. (Source: Kingman 20)

Proposal (Section 9.2) – To ensure higher levels of transparency as to the performance of PIE auditors, the Government intends to legislate to allow AQR reports on individual audits to be published by the regulator without the need for consent from the audit firm and the audited entity. The regulator will be free to decide whether this is publication “in full” or in summary form. The Government will put in place safeguards to prohibit the publication of sensitive information about audited entities.

5. Managed shared audits

Original recommendation – Mandatory joint audit, to increase the capacity of challenger firms, to increase choice in the market and thereby drive up audit quality. There should be initial limited exceptions to the requirement, based on criteria set by the regulator – mainly the largest and most complex companies. Any company choosing a sole challenger auditor should also be exempt. Audits of exempt companies may be subject to rigorous, realtime peer reviews commissioned by and reporting to the regulator. (Source: CMA)

Proposal (Section 8.1) – The core of the Government’s proposal is a managed shared audit requirement for UK-registered FTSE 350 companies. This form of shared audit would see an audit firm appointed to lead the group audit, for which it bears the overall responsibility and liability. When tendering the statutory audits of entities within the group, companies would be required to appoint a Challenger audit firm to conduct a meaningful proportion of the statutory audits. The requirement would apply across the FTSE 350, giving the audit firms the opportunity to gain exposure to the statutory audit engagements and audit committees of the largest and most complex companies, and giving those companies greater choice of auditor.

‘Meaningful’ would be defined and calculated with reference to one or more of the total audit fee (in the prior year), group revenues, profits and assets of the company, with the Challenger’s proportion to be no less than 10% of these criteria and preferably closer to 30%. The requirement would be phased in by requiring companies, acting through their audit committees, to adopt Managed Shared Audit when their audit contract is re-tendered, rather than at an annual reappointment.

A reserve power for the Secretary of State is proposed to allow the regulator to introduce a market share cap. This would be operated following a joint review by BEIS and the regulator, if mandatory shared audits do not bring about the desired change to the FTSE 350 audit market within a reasonable period of time.

6. Operational separation

Original recommendation – An operational split between the audit and non-audit practices of the Big Four. (Source: CMA)

Proposal (Section 8.2) – The Government has taken account of the CMA’s recommendations alongside responses to the 2019 consultation and has reached the view that there is merit in taking steps to reform the balance of incentives and working culture within audit firms while maintaining their multidisciplinary structure. The Government proposes to require:

• the strengthening of governance within audit practices through the creation of independent Audit Boards within firms;
• Audit Boards to have oversight of audit partner remuneration and ensure it is linked to audit quality;
• the publication of a separate profit and loss account for the audit practice, accounting for cross subsidies between the audit practice and the rest of the firm through arm’s-length transfer pricing; and
• regulatory oversight of the remuneration of audit partners, with a view to supporting policies and practices that reward high-quality audits.

In terms of scope, the Government envisages that the measures described below will apply initially to audit firms who carry out statutory audits of 15% or more of the FTSE 350 by audit fees. This percentage could be reduced in future to create a level playing field for all audit practices in the market. Alongside these proposals, the Government intends to require the publication of separate financial profit and loss financial statements for audit practices. The final strand of the Government’s proposals is to provide powers for the regulatory oversight of audit partners’ remuneration structures to ensure that partners’ incentives are effectively aligned to audit quality.

1. Establishment of the Audit, Reporting & Governance Authority (ARGA)

Original recommendation – The Review recommends that the FRC should be replaced as soon as possible with a new independent regulator with clear statutory powers and objectives. (Source: Kingman 1)

Proposal (Section 10) – The Government proposes to establish the ARGA by bringing forward the necessary legislation when Parliamentary time allows and welcomes the work that has already been taken forward under new leadership at FRC where legislation is not required. ARGA will have clearly defined roles and powers and will be empowered to exercise its expert judgement to further its objectives.

The Government intends to legislate to give ARGA the following general objective which will apply when it is carrying out its policy-making functions: "to protect and promote the interests of investors, other users of corporate reporting and the wider public interest."

In addition to the points noted above in relation to an advisory shareholder vote on risk and audit planning, the Government proposes to encourage better engagement with the auditor by inviting the regulator to revise its guidance to audit committees to encourage questions from shareholders about the company audit. The Government also invites the regulator to consider revisions to its guidance on the recently revised Stewardship Code to promote greater engagement from investors on matters relating to audit quality.

The Brydon Review recommended establishing a new body, independent of the regulator and comprising solely users of audit to provide a strong forum for considering audit matters from users’ perspectives. The Government will work with the regulator and the Investment Association to ensure that the the Audit Users Review Board’s terms of reference reflect the importance of a more “user driven” audit. Advice from the AURB will help the regulator to act consistently with its new general objective to protect and promote the interests of investors and users of accounts.

The Brydon Review was concerned that shareholders lacked a confidential channel through which to raise concerns about individual audits, and called for a mechanism to be established to facilitate shareholder engagement with the regulator. The Government expects the regulator to publicise the existing channels through which shareholders are able to raise issues regarding individual audits, and publicise the confidentiality of the complaints procedure.

Joint audit – the Government has identified significant barriers to implementing the remedies identified by the CMA. These barriers are the ability of challenger firms to grow and increase capability in order to undertake larger more complex audits and the joint and several liability risks associated with the CMA’s preferred solution of joint audit.

Public Interest Statement – At this stage, the Government is minded to keep under review the case for a public interest statement but not introduce a new statutory requirement within this current reform package. The Financial Reporting Council’s October 2020 discussion paper on ‘The Future of Corporate Reporting’ includes ideas for how a public interest report might be designed, while building and complementing existing reporting requirements. Comments received in response to this consultation and in response to the FRC discussion paper will help inform the Government’s and the FRC’s further consideration of the issue.

Whistleblowing – The Brydon Review recommended that workers should have legal protection for whistleblowing disclosures made to audit firms and audit partners, as well as directly to the regulator. It also recommended that Statutory Auditors for PIEs be added to the list of prescribed persons to whom workers can make a protected disclosure. The Government welcomes the intent of this recommendation but is not convinced that it would be appropriate to follow it.

To balance the urgency of audit reform with its desire to manage additional requirements on businesses, the Government intends to take the following overall approach:

• In general, measures that do not directly impact on businesses would be brought into effect quickly. This is intended to include:
  
  − measures associated with establishing the new regulator, including the powers and duties of the regulator; and
  
  − measures that do not take effect until something else is done (for example, powers to make legislation which will require the further approval of Parliament).
• Measures with significant impacts on those regulated by the new regulator would be commenced quickly, but transition periods and/or phasing (particularly for those newly in scope of the regulator) may be appropriate to ensure a smooth introduction.
• Measures with significant impacts on wider business are most likely to be considered for later commencement, a transition period and/or phasing. In particular this would include the proposed extension of the definition of Public Interest Entities and introduction of a stronger internal controls regime.

The consultation paper is accompanied by a regulatory impact assessment which examines the cost and benefits of implementation of the proposals. There are a number of proposals which the Government has analysed as having a potentially significant cost impact, including:

• Introduction of a board attestation on the effectiveness of internal controls over financial reporting (depending on which option is chosen)
• Increasing the scrutiny of audit committees
• Extension of the definition of public interest entity
• Preparation of payment practices reports
• Measures to boost resilience through increasing choice in the audit market