On 18 December 2019, Sir Donald Brydon sent a report setting out his personal views on the quality and effectiveness of audit to the Secretary of State.
On undertaking the review, Sir Donald received 120 submissions, totalling 2,500 pages, and held more than 150 meetings with regulators, auditors, investors, companies and professional services firms.
It is a long report with detailed and innovative proposals in a range of areas and it highlights the changing public-interest responsibilities of business and recognises that society expects corporate reporting to be broader and more relevant than at present. As part of that, Sir Donald is challenging auditors to play their part in making audit more informative to a broader group of stakeholders. Recognising the complexity of this part of the governance eco-system, the review also includes recommendations about the behaviour of directors, audit committees, shareholders and regulators and about actions that can be taken by all four to create an environment which will permit better and more effective audit.
A high level summary of the recommendations is set out below. The full report is available to download here.
A redefinition of audit and its purpose
“The purpose of an audit is to help establish and maintain deserved confidence in a company, in its directors and in the information for which they have responsibility to report, including the financial statements.”
In addition, Sir Donald suggests that there should be clarity and reinforcement of the need for auditors to provide decision useful information to the users of audit reports. Significantly that information should, on occasion, include original information (i.e. information not produced by the audited company for disclosure) that is likely to have a material impact on users’ decisions.
New Principles of Corporate Auditing (see below) include a statement that auditors act in the public interest and have regard to the interests of the users of their report beyond solely those of shareholders.
The creation of a corporate auditing profession governed by principles
At present auditing is an extension of the accounting profession. Sir Donald believes that it should be an independent profession in its own right, with its own governing principles, qualifications and standards. To achieve this, he recommends that:
“ARGA should facilitate the establishment of a corporate auditing profession based on a core set of principles. ARGA should be the statutory regulator of that profession. In doing so, I recommend that ARGA develops a coherent framework for corporate audit that includes but is not limited to the statutory audit of financial statements.”
A set of principles, ‘The Principles of Corporate Auditing’, has been put forward in the report which it is proposed should apply to all “corporate auditors” which would include the statutory auditors of the financial statements and auditors of other corporate information. The intention is that ARGA should assess how auditors have followed the audit principles as part of their annual Audit Quality Reviews.
The introduction of suspicion into the qualities of auditing
The Report introduces, in addition to the existing concept of professional scepticism, the need for professional suspicion. It is recommended that ARGA should revisit the existing definition of professional judgment with a view to strengthening, and demonstrating better, the use of judgment in audit.
The extension of the concept of auditing to areas beyond financial statements
The audit report should also include a new section in which the auditor states whether the director’s section 172 statement is based on observed reality, on the basis of the auditor’s knowledge of the company and its processes.
Mechanisms to encourage greater engagement of shareholders with audit and auditors
There are a number of recommendations aimed at enabling and encouraging a company’s shareholders to influence the scope of the audit, and to hold the Audit Committee and auditor to account. Sir Donald recommends a process be established in which the company’s shareholders are given a formal opportunity to propose any matters they wish to be covered in the audit. It is also proposed that there should be a standing item on audit at the company’s general meeting, to permit questioning of the Audit Committee Chair and the auditor.
Sir Donald proposes that the Audit Quality Forum should be replaced with a new body, the Audit Users Review Board, to be co-ordinated by the Investment Association and bringing together a range of users of audit, including the Audit Committee Chairs Independent Forum, The 100 Group, institutional and retail shareholder representatives, and other users.
A change to the language of the opinion given by auditors
The Report highlights the growing challenge in using ‘true and fair’ as a descriptor of financial reporting given that corporate accounting increasingly involves the use of estimates and judgments. Sir Donald recommends that ‘true and fair’ be replaced in UK company law with the term ‘present fairly, in all material respects’. This should sit with a legal obligation on directors to state that the financial accounts they present each year have been fairly presented in all material respects.
The report further recommends the following enhancements to the audit report:
New reporting by directors - the introduction of a corporate Audit and Assurance Policy, a Resilience Statement and a Public Interest Statement
To help frame the role of the auditor(s) and to make clearer the extent of all assurance in regard to the information they communicate, it is recommended that directors present a three-year rolling Audit and Assurance Policy to the shareholders. This should indicate their approach to the appointment of auditors, the scope and materiality of all auditing (including that of the financial statements), the assurance budget and the relationship of any audit to identified risks. Shareholders would be invited to express their views on this policy in an advisory vote.
In addition, directors should publish their statement of principal risks and uncertainties before determining the scope of each year’s audit and actively seek shareholder and other views on the appropriate emphases. Plus it is recommended that a ‘Resilience Statement’ should replace the existing going concern and viability statements. The ‘Resilience Statement’ would incorporate a going concern opinion for the short term, a statement of resilience in the medium term and a consideration of the risks to resilience in the long term.
The ‘Public Interest Statement’ would require the directors to explain the company’s view of its obligations to the public interest, whether arising from statutory, self-determined or other obligations, and how the company has acted to meet this public interest over the previous year.
Sir Donald sets out recommendations for the role auditors would be obliged to play in providing assurance in relation to these statements.
Suggestions to inform the work of BEIS on internal controls and improve clarity on capital maintenance
In support of the recommendation made by Sir John Kingman for consideration of an enhanced framework for internal controls, Sir Donald has recommended that:
“The CEO and CFO provide an annual attestation to the board of directors as to the effectiveness of the company’s internal controls over financial reporting and that this attestation be guided by new principles on internal controls reporting to be developed by the Audit Committee Chairs Independent Forum and endorsed by ARGA.”
It is proposed that companies be required to disclose when any material failure of their internal controls has taken place and that a disclosed failure would lead to the new CEO/CFO attestation being subject to audit for the following three reporting years.
With regard to the Capital Maintenance Regime, Sir Donald recommends that the directors, in proposing a dividend, need to make a statement that the payment in no way threatens the existence of the company in the ensuing two years and that this dividend is within known distributable reserves.
For a company where it is likely that distributable reserves are deemed “similar” in size to a proposed dividend, Sir Donald believes that the dividend should only be recommended by the directors if the level of the distributable reserves is established and payment of that dividend is consistent with obligations of the directors under the Companies Act and consistent with the new Resilience Statement. These distributable reserves should be subject to audit.
Greater clarity around the role of the audit committee
Audit committees agree an annual assurance budget, within which they have primary responsibility for negotiating and agreeing the audit fees, and which sets a framework for company spending on any other assurance work.
A package of measures around fraud detection and prevention for both directors and auditors
The Report includes a package of recommendations aimed at raising the prominence and transparency of fraud prevention and detection by both directors and auditors. It is recommended that there should be a new reporting duty on directors to set out the actions they have taken each year to prevent and detect material fraud. Plus there should be a corresponding new duty on the auditor to state in their report how they have assured the directors’ statement on material fraud, and what additional steps they have taken to assess the effectiveness of the relevant controls and to detect any such fraud.
Improved auditor communication and transparency
Sir Donald recommends that audit firms ensure a clear separation between the team which negotiates the audit fees, and the team which carries out the audit(s). In addition, audit firms should be required to publish the profitability of their work from audit, and also the remuneration of their Senior Statutory Auditors and the attendant performance measures around that remuneration. Auditors should also disclose, within the audit report, the hours spent on each audit by each grade within the audit team. Clear reasons should be given for any resignation, dismissal or decision not to participate in a retender; auditors and companies should answer relevant questions in a general meeting.
Obligations to acknowledge external signals of concern
Acknowledging that employees are often well placed to provide insights or highlight concerns that should usefully be considered as part of the audit planning process, or during the audit itself, it is recommended that directors actively seek the views of employees regarding the scope of any audit activity and report back to them how their views have been taken into account.
Further, it is recommended that existing voluntary and statutory company disclosures on supplier payment performance should be brought into the annual report, and be subject to a level of audit as described in the company’s Audit and Assurance Policy.
Extension of audit to new areas including Alternative Performance Measures
Any Alternative Performance Measures reported by a company, and any use of Key Performance Indicators to underpin executive remuneration, should be subject to audit.
The increased use of technology
BEIS and ARGA should work with auditors to create the necessary protections and policies for audit to be able to use data from the companies they audit in order to promote better quality audits. Auditors should explain in the audit report any use of sampling techniques.
Our library of governance publications is available to help you at www.deloitte.co.uk/governancelibrary.