According to the regulator’s annual review of audits carried out by the UK’s largest firms, in the quality stakes, PwC is ahead of the pack and one of only two firms – the other is EY – to have no audits classified as needing significant improvements.
The analysis shows that 81% of FTSE 350 audits reviewed in 2016/17 were categorised as requiring no more than limited improvements, compared with 77% in 2015/16 and 70% in 2014/15.
The smaller the companies though, the higher the proportion of audits requiring more than limited improvements, which effectively cancelled out any improvement in audit quality overall.
Among the improvements highlighted by the FRC are the engagement of the firms’ leadership in implementing significant firm or network-wide audit quality improvement programmes, the adoption of better guidance and training on using specialists, and the greater involvement of the engagement quality control review partner and audit technical reviewer.
The regulator also found evidence of the firms taking action to embed the use of data analytics in the audit, although with varying degrees of success. EY, for instance, was told that it needed to improve the design of audit procedures for revenue particularly in relation to data analytics and completeness.
On the downside, the FRC found that the firms need to up the ante when it comes to challenging management in key areas involving judgment, such as impairment reviews, asset valuations and provisions.
They also need to work on the design and execution of audit procedures relating to revenue recognition.
Some firms need to improve their systems and arrangements for ensuring compliance with ethical and independence requirements. Grant Thornton, for instance, was last year taken to task over its monitoring procedures which, the FRC described as “insufficient to ensure that ethical breaches were identified and reported on a timely basis”.
Although the firm has committed to increase the frequency of their compliance reviews, during the 2016/17 review the FRC identified “further significant findings …in respect of firm-wide independence matters”. “These findings indicated weaknesses in the internal controls at the firm relating to auditor independence.”
“High quality audit,” commented Melanie McLaren, the FRC’s executive director for audit and actuarial regulation, “underpins public trust and confidence in business. Audit firm leaderships’ focus on audit quality is a key driver of good audits and is vital to promoting a culture of continuous improvement.
“While the progress made by individual firms differed, all firms are investing in audit quality and have set out further action to improve.”
In the responses to their reviews, several of the firms expressed disappointment about the findings especially after investing so much time and resources into improving audit quality.
A number have taken innovative approaches to improving their audit quality. BDO, for example, brought in a specialist external firm which has worked with other industries “to enhance the depth and structure of our root cause analysis”, while EY commissioned a project led by external cognitive psychologists to analyse the behaviours of audit teams which performed at an exceptional level “so we can help coach all our teams to replicate these behaviours”.
Deloitte, whose tally of audits needing improvements went up from four last year to six this year “despite the high standards we set and many areas of improvement in our quality record”, said that it remain firmly committed to “achieving and indeed exceeding” the FRC’s 90% target.
“We consider our results over the last five years and our continued investment in audit quality programmes indicate that we have built the right platform to do this.”
Of Deloitte’s six audits (out of a total of 23), two required significant improvements (up from none in 2015/16 and 2014/15). The problems, the FRC reviewers found, related to insufficient challenge over the adequacy of management’s impairment model, which was too high level, and insufficient challenge of management’s key assumptions relating to revenues and costs, contingencies and perpetuity growth rates.
The audit team also performed insufficient procedures over revenue and accrued income, and an insufficient audit response to IT control weaknesses.
Grant ThorntonWhen it comes to IT problems, Grant Thornton was found to have continuing issues two years after these were first raised by the FRC. They relate to the firm’s audit software for changing and resetting electronic passwords.
“Due partly to delays in system development, no action had been taken at the time of our review in November 2016,” the regulator says. “The firm has re-introduced password reset testing in the first quarter of 2017.”
This time round, the reviewers looked at aspects of eight audits, finding four of them in need of improvements. Of those, three required significant improvements because of the firm’s: failure to evaluate sufficiently the entity’s methodology, assumptions and judgments used in determining provisions; inaccurate disclosures of materiality in the audit report and insufficient testing of income; and insufficient audit procedures in relation to investments, in particular the evaluation and challenge of managements’ valuation expert.
Grant Thornton said it was disappointed with the results. “This is not in line with the results of our most recent internal reviews or the previous year’s FRC review, but these are important findings and we take them seriously.”
The FRC reviewers looked at aspects of eight audits carried out by BDO and found three wanting, including one where significant improvements were required.
Key findings included the need for the firm to improve the quality of information given to the audit committees about areas of judgment and to improve communication with them.
BDO needs to improve the quality of audit evidence and challenge to management in relation to the audit of provisions, ensure that improvements to substantive analytical review procedures are embedded in the audit of revenue, and improve the extent of corroborative evidence in the testing of journals.
It must also ensure the ethics partner is always consulted on independence matters when required.
Commenting on the findings, BDO says that working with the specialist external firm on its root cause analysis process engendered “an enthusiastic response” from people involved in it. “The approach has provided deeper insight through understanding the relationships between seemingly unrelated causes that can combine to generate some of the issues arising”.
Reviewing aspects of 17 audits performed by EY uncovered two that needed improvements, neither of which were significant ones.
In one of these two, the FRC reviewers found that insufficient attention had been paid to the audit completion procedures. “Certain audit working papers had been amended after the date on which the audit file should have been completed or after we had notified the firm that the audit would be reviewed.”
The reviewers stressed that there was evidence that the key audit working papers had in fact been completed and reviewed by the date of the auditor’s report, and EY had taken action to improve its monitoring of compliance with completion deadlines.
In the other audit, the reviewers found insufficient evidence that internal development costs should be capitalised and a lack of rigour when challenging management’s assumptions in goodwill impairment testing.
In its response to the report, EY highlighted the fact that more than 90% of its FTSE 350 audits were assessed as requiring no more than limited improvements and that it had received positive feedback on audits where it had been newly appointed auditor.
It added that maintaining and continuing to improve audit quality was a priority and it welcomed “the insights and challenges provided by the FRC’s inspection”.
The reviewers gave KPMG a harder time over its audit quality. Although the firm acted on findings arising from both internal and external reviews in the past couple of years, the FRC found that some findings had reoccurred.
“We recognise that certain of the firm’s actions took place after some of the audits included in our 2016/17 inspection were completed, as audits reviewed in this inspection cycle related to year ends from 30 June 2015 to 31 March 2016.
“The extent of recurring findings might, however, still suggest that either the root cause analysis did not fully identify the underlying cause of the issues or that the actions taken were subsequently found to be inappropriate, untimely or have not been fully effective.”
This year, the FRC looked at aspects of 23 audits and found six needing improvements and two needing significant improvements.
In one of these two, the reviewers found weaknesses in the audit approach adopted for goodwill impairment – which included insufficient professional scepticism and challenge of management’s assessment, and insufficient evidence of involvement by the group team in the component auditor’s work relating to a material acquisition.
In the other, the reviewers found insufficient evidence of an appropriate risk assessment and response in respect of material supplier income.
KPMG said it was disappointed to have two engagements assessed as needing significant improvement. “However, we are confident that our QIP [Quality Improvement Plan] has the ingredients necessary for success and, most importantly, the full and committed backing of everyone at KPMG.”
This was launched in Autumn last year and adopts a wide-ranging and behaviours-based approach to improving audit quality. The FRC says, in its report on the firm, that it is encouraged by the scope and objectives of the plan but “anticipates that its full impact will not be seen until the completion of our next two inspection cycles”.
PwC may have had its high proportion of audits showing good practice, but it also proved to have flaws when it came to two of the 27 audits reviewed, although in neither case were these significant.
The reviewers found insufficient evidence of the audit team’s consideration and challenge as to why no brand value was included for most of the acquisitions in the year, and insufficient consideration or evidence of challenge in relation to the basis of uncertain tax provisions and insufficient evidence obtained to support the level of use of internal audit testing of IT general controls.
PwC said that it had carried out root cause analysis on the inspection findings and other findings arising from other external regulatory inspections and identified “overarching behavioural themes” relating to coaching, supervision and review. It will be taking additional actions over the coming year.
“We are confident that these activities, together with the more detailed actions in respect of the key findings…will ensure our focus remains on delivering the highest quality audits.”
Although the six firms have come in for criticism, the FRC was also keen to emphasise that they all showed examples of good practice.
Commenting on the inspection reports, Henry Irving, head of ICAEW’s audit and assurance faculty, said: “While it is good that FTSE 350 audits are improving, the FRC highlights the fact that there is work still to do.”
He added that if public confidence in audit is to be maintained, audit need to be of the highest quality.