How should audit committees go about getting their arms around the concept of the effectiveness of the external audit process? What are the components they should consider, and what are the outcomes that should be reviewed? The expectation gap underlying a hindsight view: “it must be effective if nothing material emerges the following year”, is long behind us. With the helpful input from a number of investors and investor representative bodies and the Financial Reporting Council, which reviewed the draft, Deloitte has published a framework and guidance which will be helpful to audit committees in this endeavour.
We are not alone in our view that the attitude of the management team and its engagement with the external audit process is fundamental to audit effectiveness
Deloitte’s audit effectiveness framework has been designed to set out key areas where audit committee members ought to have an opinion about the audit process. The framework is divided into 10 structured components, each fundamental to the audit process, and seeks to articulate the concept of audit effectiveness in a series of best practice statements. These components include, as expected, the lead audit partner, the broader audit team, considerations for the planning, scope, risk identification and execution of the audit. Also included are best practice statements or attributes around communications between the auditor and audit committee and broader support provided for the work of the audit committee by the auditor. In addition, the new formal auditor reporting requirements, also effective for September 2013 year ends, play a crucial part in this puzzle. The framework draws out the important role of the auditor in terms of raising standards, and seeks to paint a picture of what we at Deloitte are calling “the Distinctive Audit”.
But the framework is not just about the auditor - it also provides suggestions for how to assess the role of management in the external audit process. We are not alone in our view that the attitude of the management team and its engagement with the external audit process is fundamental to audit effectiveness. The framework provides audit committees with a mechanism to encourage management to improve standards in a number of key areas such as: does management believe in ‘right first time’; what is the quality of management papers; how robust are systems and controls; is the audit respected and valued; and what is the attitude of management to the recording of audit adjustments?
As a series of best practice statements, detractors may suggest that the framework is a “box ticking checklist”. My answer: it sets out a comprehensive list of attributes and best practice statements that audit committees should feel free to use and tailor as they wish. This framework will save valuable time for those not inclined to invent their own assessment tool. We have highlighted separately the key best practice statements that could be used for the annual assessment now required under the Combined Code. The full framework could be used for a more comprehensive review perhaps on a three year cycle.
In developing the framework, we have drawn from existing auditor evaluation guidance from the ICAEW and ICAS, but have gone further than current standards. It incorporates relevant areas from the Audit Quality Frameworks from the Financial Reporting Council and the IAASB. It reflects comments from the latest Audit Quality Review reports on the major audit firms in the UK and the most up to date and relevant auditing standards, consultations and transparency reporting for UK audit firms.
With this framework, we believe audit committees will be armed with greater insight to undertake a comprehensive assessment of the effectiveness of the external audit process. We have provided an example disclosure which brings to life the elements encouraged by investors and regulators.
We have painted a picture of the concept of the effectiveness of the audit process and we are publishing the framework for any company and for any firm of auditors to use. We will be updating it regularly, and welcome comments and contributions to email@example.com.
William Touche is leader of corporate governance at Deloitte