The statutory audit ecosystem in the UK has faced intense scrutiny from government committees, inquiries and reviews over the past year, and there may be structural and systemic changes ahead. At the end of 2018, the Competition and Markets Authority (CMA) issued an interim update paper (with proposals) and the independent review led by Sir John Kingman reported its final recommendations.
Then in early April the Business, Energy and Industrial Strategy Committee (BEISC) said the CMA should aim for the full structural break-up of the Big Four firms into audit and non-audit businesses. The role and responsibilities of audit committees (ACs) were a point of focus for both the CMA and Kingman and their proposals merit careful consideration. “The package of proposals announced pre-Christmas has a number of items which at a minimum should be food for thought,” says Michael Izza, ICAEW chief executive.
Proposals from both the CMA and Kingman (see panel, right) prompt some thorny questions. Are they compatible? Is the current role of an AC clear? What should it include that it does not already encompass? How will joint audits affect the work of the AC? What might be the impact of introducing personal liability for the AC or the audit committee chair (ACC)?
The CMA and Kingman both want ACs and ACCs to be more accountable, but some of their proposals may not be compatible. For example, the CMA suggests that during the audit tender process an AC should be able to demonstrate that it has (among other things) made decisions independently. Kingman suggests giving the Audit Reporting and Governance Authority (ARGA), which replaces the Financial Reporting Council (FRC), power to recommend to shareholders a change of auditor, CEO, CFO, chair or ACC. This could be messy.
If board members act on a suggestion from ARGA and there are subsequent problems, who will determine the root cause? How will those responsible be held to account? By comparison, whether the role of an AC is clear should seem like a simple question, but it is not – despite the availability of guidance Auditors and boards can find their way through regulatory guidance, helped by their pre-existing knowledge of what terms such as ‘audit’ and ‘risk’ mean and their understanding of the supporting structures and practices of audit.
But the complexity of the audit ecosystem makes it opaque to the uninitiated and perpetuates expectation gaps between what some stakeholders think ACs and those conducting financial statement audits should be doing, what law requires them to do, and how much comfort this can, in practice, provide.
Business risk can be managed but it is impossible to eliminate. “Some degree of risk is inherent in a capitalist, entrepreneurial, business society,” says Mark Freebairn, partner and head of the financial management practice of Odgers Berndtson.
“That risk means that things will go wrong, occasionally something enormous will go wrong and as a result of that, very occasionally a business might go bang.” It is both impractical and unlikely that the UK government will be able to create a capitalist, entrepreneurial business model with a safety net which means that no business ever fails and no investor ever loses their money.
However, says Freebairn, there seems to be an “overwhelming view” that the AC is the guarantor of that safety net. “That’s not practical. An AC chair may typically spend around 30 days a year in the business and even somebody that spends 300 days a year in the business can get things wrong,” he says.
Perhaps ACs should spend more time in the business and more time challenging management and auditors? When the Department for Business, Energy and Industrial Strategy Select Committee on the future of audit was taking evidence during its inquiry into the future of audit, it mooted these suggestions and more, as areas where ACs should do more.
AC best practices
In response, Steve Barber, the AC chair at AA plc noted that he was already doing these things. “As the chair of the audit committee I would expect to speak to the auditors throughout the year on a weekly and monthly basis. There is very regular and frequent communication and during the audit that would probably increase.”
Barber often challenges the auditors and he often phones the audit partner and asks them to look at a specific area and challenge management on that too: “An AC has more detailed knowledge of day-to-day operations and knows where concerns are, because we have the board meetings and everything. I would expect to focus the auditors on those concerns to give us comfort.”
Not all ACs and ACCs are created equal, as Margaret Ewing, the nomination, audit and risk chair at ITV, notes. “Our role is to be challenging, but also supportive and help to improve the performance of the company and also the performance of management and we challenge when necessary,” she says, acknowledging that ACs and ACCs perform their duties with varying degrees of diligence. “You are always going to get the outlier. Someone who does not perform their job well. There will always be error or negligence or weakness somewhere. No matter what processes or regime you put in place, there will always be exceptions,” she says, because we are dealing with humans.
As some of the CMA proposals and Kingman recommendations are implemented, doing more may become inevitable for ACs and ACCs; though not in the way that some may be anticipating; particularly when it comes to joint audits. In a submission to the BEIS Select Committee, PwC chairman and senior partner Kevin Ellis said that with regard to joint audits, the firm did not believe the CMA had “made an evidence-based case that these proposals will lead to improved choice or quality” and suggested that they could create “significant potential audit risk” and disruption to UK companies – and in the short term this may be so.
Izza says: “Assuming that they will be planned over a period of time, audit committees will need to be arranging a tender process to find a joint auditor, which might prove easier for some sectors than others.” Some in the profession have suggested that joint audit may prove much more time-consuming for ACs, perhaps even doubling their workloads. However, Bob Neate begs to differ. As a partner in Mazars’ Audit and Assurance Group, he is one of the few auditors in the UK who has for many years regularly performed joint audits in France. “We find that there are a lot of urban myths around joint audit,” he says.
“In my experience of joint audits, no more time is required by audit committees and chairs,” he says. Because engagement partners have joint responsibility they both attend meetings with the AC and ACC, so there are no more audit-related meetings than with a single firm. The tendering process could create more work, but in France, which has a joint audit requirement and mandatory six-year audit tenures, many ACs manage the tendering and rotation processes by staggering their appointment of auditors with, for example, a three year gap and overlap, which reduces risk on auditor rotation, because one firm can provide continuity.
Another urban myth that may be circulating around CMA and Kingman proposals is that some of them, such as personal legal liability and issues around independence from ARGA (see panel) may jointly or collectively act as a barrier to AC and ACC recruitment. “The senior manager regime within financial services has definitely not helped increase the pool of talent of professionals who want to sit on the board of financial services organisations.
Making audit chairs personally liable for anything that happens in the organisation will have a similar impact, I am sure, on audit chairs,” says Freebairn. “At a point in time when you want to increase diversity in every aspect of the pool, making it harder to get people excited about doing it is probably not the smartest move,” he adds.
In the short term, however, Freebairn does not think proposed changes will immediately put people off roles on ACs, because many of the AC members he talks to are “quite alpha” by nature. Longer term is a different matter. “The first time something happens and one of them goes to prison, that will have a marked impact,” he says. “Until then, they will believe that it will never happen to them.”
CMA and Kingman proposals
Headline CMA proposals affecting ACs and ACCs include: regulatory scrutiny of auditor appointment and management and measures to increase accountability of ACs (with a number of remedies suggested); and the imposition of a ‘joint audit’ regime for FTSE 350 audits, with each audit carried out by two firms, at least one of which must be non-Big Four. Kingman proposals that may be looming over ACs and ACCs include the introduction of a new personal liability regime under the FRC replacement, ARGA, and wider enforcement powers covering directors (which ICAEW assesses in representation 92/18).
Existing AC roles and responsibilities
The Companies Act 2006 and the UK Corporate Governance Code both have things to say on how ACs should discharge their duties. So do the FRC publications Guidance on Audit Committees, Best Practice Guide to Audit Tendering, Guidance on Risk Management, Internal Control and Related Financial and Business Reporting and Guidance on Board Effectiveness, which succinctly states: “The audit committee is responsible for discharging governance responsibilities in respect of audit, risk and internal control, and will report to the board as appropriate.” It then notes that boards and ACs often need to also consider relevant legislation in Listing Rules and Disclosure Guidance and Transparency Rules.