The firm’s head of audit, Tony Cates, says that the challenges of the new reporting regime have been worth the effort. “Take audit reports,” he writes in the introduction to the survey. “For the first time in my career, they actually say something and are actually being read…
“The Financial Reporting Council should take the credit for its bold decision to set us off down that path.”
The Financial Reporting Council should take the credit for its bold decision to set us off down that path
The investor community, meanwhile, is equally delighted. As Iain Richards, head of governance and responsible investment at Threadneedle Asset Management, says, “We have been pleasantly surprised by the usefulness of some of the enclosures.
“We are seeing audit committee and auditor reports being actively circulated and discussed among shareholders as part of the normal review and discussion regarding companies.”
The example shown by those who have embraced the purpose and intent of the new disclosure requirements is “very welcome”, he adds.
Corporate governance code changes affecting periods beginning on or after October 2012 require companies to disclose how their audit committees addressed the key accounting issues, while revised ISA 700, The Independent Auditor’s Report on Financial Statements, requires the auditor to set out in their report the most significant risks for the company and how they addressed them through the audit.
Although it is still early days, KPMG has trawled through the annual accounts of the 134 FTSE 350 companies to publish so far. The survey, Audit Committees' and Auditors' Reports, follows on from an earlier one it conducted in January when only 19 companies had published under the new regime.
As far as audit committee reports are concerned, the researchers found that in general the number of issues audit committees discussed may have widened from two to seven risks to one to 10 but the average number had barely changed (4.3 in the later survey v 4.2 before).
Audit committee varied widely in what they did and didn’t report. Interestingly, although auditing standards view two risks – fraud in revenue recognition and management override of controls – as always significant to the audit, not all the committees included them as a matter of course.
Similar to the earlier survey, the most common risks were impairment, taxation, provisions and revenue recognition. But the largest single category after impairment risks was “other”, which appeared 38 times. A significant proportion occurred only once and often related to accounting judgements.
“We believe that this reflects the breadth of issues considered by auditors,” KPMG says. “This outcome is consistent with our earlier survey and again we see this as a positive; auditors are going beyond the ‘usual suspects’ of impairment and revenue recognition and reporting the complete set of the real issues facing the company.”
Surprisingly, some committees included fewer risks than the auditors did in their report (even discounting for the auditors’ deemed risks). If the auditors include a risk in the audit report, the firm says it would expect them to have communicated the same issue to the audit committee.
In a number of cases, however, the risk related to internal controls which the audit committees tended to address more generally and often outside their statement of significant issues.
The survey found major variations in the value of the extended auditor reports as well. For example, many audit reports specifically said that the auditor considered the adequacy of relevant disclosures. There were also good examples of disclosure of judgments and estimates corresponding to audit risks. These were not only detailed on the nature of the subjective factors but also quantified as to sensitivity.
“However,” KPMG says, “this quality of disclosure was not universally available. In fact, around half of all cases saw some shortfall in matters disclosed by the accounts compared with the audit report.”
On materiality, the survey found that profit measures were the preferred benchmark and that there was a “clustering” of materiality at around 5% of profit before tax.
Most auditors were consistent about providing information on audit coverage. According to the survey, all but one detailed the proportion of the group that had been subject to full scope audit or some form of audit procedures.
One of the examples KPMG gives is an extract from its audit report on Intertek Group plc to show how far audit reports have come from the boiler plate production of earlier years. It reads, “The group is characterised by a diverse geographical footprint, represented by a large number of medium and small sized operations.
“These group reporting procedures covered 70% of total group revenue; 70% of group profit before tax; and 73% of group total assets. The remaining 30% of group revenue, 30% of group profit before tax and 27% of group total assets is represented by 284 reporting units, none of which represented more than 1.2% of total group revenue, 1.7% of group profit before tax, or 1% of group total assets individually.
“We consider the aggregate risk when performing our audit planning and during our final analytical procedures over the group financial statements.”
Just as the firm experimented with three clients’ audit reports in its earlier survey to show how auditors could go further and explain what it found in auditing key risks, it has taken the audit reports of two other clients and field-tested additional explanatory notes setting out how it made its risk assessment and how this affected the scope of the audit and determined the firm’s key audit risks.
It includes an extract from its audit report on Standard Chartered plc ands asks for investors’ views on how useful the extra information is. It admits, however, that the notes do “add significantly” to the length of the report.