For the past four years the Financial Reporting Council (FRC) has been complementing its individual file reviews with a broader analysis of the world of audit, considering firm-specific issues at a number of the largest audit practices. The eighth of these thematic reviews, published earlier this year, looked at quality control policies and procedures, comparing these between firms and identifying areas of good practice.
While many of the review’s conclusions were positive, one finding stood out: one-third of audits reviewed, it said, needed “more than just limited improvement”. Bearing in mind that the sample was of some of the largest audits in the country, this makes for stark reading.
Or does it? The FRC’s remit is to look at whether firms have been complying with auditing standards. But the fact that its thematic reviews are designed to assess audit quality assumes that this compliance delivers quality. That assumption, many feel, is open to question.
“Here we have a useful report from the FRC on what more could be done to control quality, but it doesn’t say much, if anything, about what drives quality in the first place,” says David Herbinet, UK head of PIE and global audit leader at Mazars. “The foundation of quality should be how you deliver quality first time, not how you control quality after the event.”
This raises the question: how does a firm deliver a quality audit? This deceptively simple question throws up many different answers. Start with this one from Andrew Ratcliffe, a former PwC partner and ICAEW president (he still sits on Council) who is the audit committee chair at a couple of charities. “Audit quality is about delivering an appropriate professional opinion that’s independent, reliable, understandable, and is supported by adequate evidence and objective judgement,” he says.
The problem is the nature of the audit means that it’s not easy to measure its quality. Some use a negative proxy: an audit that gives a clean bill of health to a company that subsequently fails is a bad audit. Others equate quality with compliance. But quality and compliance are not synonyms,says Gill Spaul, technical director at Moore Stephens Europe.
“You can have a fully compliant audit that isn’t necessarily the quality you want. And you can have an audit that isn’t completely compliant but that comes up with the right answer. Is that a good quality audit or a bad quality audit that got lucky?”
This need for a more holistic view of audit quality runs through the profession. ICAEW’s Audit Quality Forum looks beyond standards and compliance to focus on issues such as having the right people with the right competencies, while in the US the Public Company Accounting Oversight Board has consulted on more quantitative measures of audit quality indicators.
Quantitative measures don’t just run the risk of being too simplistic, says Chris Cantwell, technical practice regulation manager at ICAEW’s Audit and Assurance Faculty: their limitations might lead to false conclusions. “For instance, it might be seen as a good thing that there have been a lot of training hours at a firm. But that doesn’t tell you anything about the quality of the training or whether it’s the right sort of training. It might even indicate that there’s a deeper quality issue that will never be addressed by training.”
Cantwell is not the only person to think that concentrating on measurables might be counterproductive. EY has been doing some work with cognitive behavioural psychologists looking at the patterns that drive a good quality audit. UK managing partner of assurance Hywel Ball says this has shown unintended consequences of some compliance activity, which can have a knock-on effect on the quality of the audit.
“The audit team starts with worrying about being compliant rather than thinking about what the overall objective of the audit is and remembering that the big picture is to deliver a robust audit. We
are trying to re-emphasise how important that aspect of the audit is. My belief is that the cultural and behavioural aspect is just as important, if not more so, than compliance. Getting the behavioural pattern right is crucial in addressing all the aspects of audit quality.”
The focus on compliance means that firms tend to align themselves with the regulator’s view – a perspective that is not necessarily aligned or consistent with that of the market, thinks Herbinet. “My view, and I believe the market view, is the best way to define audit quality is to consider the relevance of the audit to the end service users. There is a significant expectation gap between what people want to receive and what firms actually deliver. One of the challenges, and the main reason why this debate is stalling, is that the market is not homogenous in terms of what it wants.”
Hemione Hudson, PwC’s UK head of assurance, says that for investors, audit quality means getting robust financial information: “The ultimate measure of audit quality is the trust people have in the capital market.”
One approach to measuring audit quality, she says, is to measure inputs and outputs. The former include having a robust methodology, and using the right people who are given the right training and have the appropriate industry exposure to understand the environment. “We also need to ask: are we using the right technology? There is a greater demand for data analytics to ensure we are evolving audit to cope with big data.”
Outputs include firms’ internal file reviews and the FRC Audit Quality Review (AQR) team’s assessment of public interest entity audit files. AQRs have pushed audits to a new level, says Next plc audit committee chair Steve Barber. “Quality has risen sharply as the auditor knows that at some point they will be subject to an external review,” he says.
The FRC also reports on general developments in audit every six months. Since it started pulling these reports together, it has found that stakeholders close to the audit – such as the CFO and the audit committee chair – are becoming more confident about the audit. Investors, however, who have less interaction with the auditor, are less so.
Why is this? “The FRC appreciates that quality is not just about compliance,” says Henry Irving, head of ICAEW’s Audit and Assurance Faculty. “It’s about service quality: the quality of the people who come before the audit committee and management; the quality of the insights made to those charged with the company’s governance.”
The questions that Barber considers in assessing audit quality are: is the audit efficient and effective? “This comes down to good planning, good communication and reporting to the audit committee,” he says.
The past few years have seen a huge change in the communication between the auditors and the
audit committee. Where this was neither very formal nor structured in the past, Barber says the report to the audit committee is now extremely useful.
“Some of the auditor’s report to the audit committee is too focused on independence and regulation: I understand why they are needed but they do add to the length. What I’m most interested in are the 10 pages or so that deal with the real issues. The audit committee members want to understand these and be comfortable that they are right or understand what the variables might be. These reports are now high quality and bring home the key messages.”
Ratcliffe says the auditor’s reports are a good start in judging the quality of the audit. “These are much more useful now. With the new form of audit report to shareholders as well as the private report for the audit committee you can see the thought and analysis that has gone into risk areas and judge them on how well they have explored the issues. But you should also sit down and talk to the audit partner.
On a larger assignment, I would like to talk to some of the team as well, to attend planning meetings and debrief meetings to get a more rounded sense of the team as a collective. This isn’t something you can reduce to a scorecard – it comes down to personal judgement.”
Service interviews and questionnaires help management and the audit committee form a view on how rigorous the audit has been. Firms are sifting through plenty of interesting results from this feedback at the moment, given the numbers of audits that are changing hands due to the new audit rotation rules. In many cases, says Ball, management are saying they have been probed on areas that they have not been asked about for a while. “That’s not to say the previous audits were bad; rather that the principle of a fresh pair of eyes is coming into play.”
What’s more, negative feedback might have good implications for quality. Hudson recalls a recent experience at a new client in which 20 of 108 feedback forms received were from people who were not happy with the audit. “We discussed this with the audit committee and found the detractors were all from overseas locations where we had raised significant control issues. The audit committee were pleased: they pointed out our role was not to make people comfortable.”
While definitions of audit quality may differ, there is one point most agree on: it does not stand still. People’s concept of what they expect audit quality to be evolves, says Spaul.
“This is partly because standards change, partly because circumstances change, and the way in which we are able to access and manipulate information changes. There are new ways in which companies are structured and business is conducted. Audit has to evolve to match what is being audited. And as audit evolves, so does the concept of what good quality means.”
ICAEW is working towards constant improvement in audit quality and doing long-term work with its Audit Futures programme to train audit professionals for the future, says Irving. He points out that there is and always will be a short-form for quality: brand. “Auditors are effectively lending their brand to their clients. If the brand is no good, as in the Andersen case, you lose business pretty quickly. Ultimately, it’s all about trust.”