The latest roundup of tax news and cases, including a detailed summary of this year’s FRC audit quality inspection reports
FRC slates integrity of bank auditors in annual quality inspection reports
The Financial Reporting Council (FRC) is to launch special inspections of audits in the bank and building society sector based on the poor quality of audit work it found in its latest annual inspection of 82 audits, including 13 banks and building societies.
The regulator is hopeful that its thematic inspection – the results of which will be published – will force the largest auditors to improve the quality of their audit work in the bank and building society sector.
The issues picked up in the 2013/14 round of inspections by the FRC’s Audit Quality Inspection (AQI) team are recurring issues, and include problems with loan loss provisions, weaknesses in the testing of loan impairment models and related assumptions, insufficient challenge of management or the failure to obtain further evidence to support provisioning judgments and deficiencies in the overall effectiveness of general IT controls and IT application controls.
The FRC’s executive director in the conduct division, Paul George, said that the regulator has concerns about the quality of audit in the sector, and ‘is clearly not getting the level of improvement we would like’.
‘By undertaking the thematic exercise to report findings publicly as a stand-alone segment, we will focus a spotlight on those audits. By flagging up that we’re going to do the exercise before those audits were completed, puts the firms on notice that we are going to do this exercise and that we are not happy with progress to date. And it gives them every incentive to make the necessary improvements.
‘If they don’t, we will have to consider what to do about that then,’ he said, adding that he hopes it will not come down to using the FRC’s statutory sanctions which allow it to impose restrictions, penalties, registration suspension or withdrawal.
The results of the thematic inspection will be published in autumn 2014.
Although the FRC began reviewing 82 audits for its 2013/14 inspections, only 81 were completely reviewed since one of the entities came under investigation by the FRC, into the preparation, approval and audit of the financial statements. A footnote said the review had to be excluded from its overall findings.
In January, the FRC said in a statement that it would look at the preparation, approval and audit of the financial statements of the Co-operative Bank plc, up to and including the year ended 31 December 2012, during which time KPMG was the bank’s retained auditor.
The FRC again singled out letterbox companies – those companies or groups which have little more than a registered office or correspondence address in their country of registration with general financial and corporate management based elsewhere – as a cause of concern.
The regulator said that a key issue was the contravention of auditing standards in that the auditor signing the company or group audit report often had insufficient involvement in the audit, including not taking responsibility for the direction, supervision, performance and review of the engagement.
In some cases, inspectors found that the auditor was relying primarily on sign-offs from other auditors. ‘We were particularly concerned that a number of firms had issued internal guidance which promoted such an approach.
‘Firms have made changes to their methodologies and guidance as a result of our concerns. However, at two firms the revised guidance was inadequate and, in particular, did not make it sufficiently clear that the audit team should be appropriately involved in the performance of the audit work.
‘At a further firm we were concerned that their revised guidance would not be available on a timely basis. We expect appropriate action to be taken by these three firms as soon as possible.’ So far two firms have amended their guidance.
Audit committees must assist with regulatory oversight
The FRC plans to continue to engage closely with audit committees as it did during its latest inspection round. The work with audit committees is seen as vital for the regulator to build better understanding of the issues for audit clients.
Paul George, FRC executive director in the conduct division, said: ‘We will continue to do this on a sample basis in advance of inspections and talk after inspections as well.
‘We did not meet all audit committees face to face – some of these interactions were by way of a telephone call. It was useful as we understood their perspective on the issues to focus in on.
‘What we were seeking to flag up is that the audit committees we spoke to were generally positive about the conduct of their audits. They don’t have the same opportunity as we do to delve into what actually took place in an audit itself,’ said George.
In addition, the FRC will continue sharing intelligence with the Prudential Regulation Authority (PRA), George confirmed. The issues of interest to the PRA include matters pertaining to fair value, loan provisioning and impairment at banks.
On the back of the financial crisis, the PRA (and its predecessor, the Financial Services Authority) have held regular meetings to discuss these matters of mutual interest.
‘The PRA shared with us intelligence from its supervisory enquiries which might have a bearing on the external audit, as well as the output from its bi-lateral and tri-lateral meetings with auditors and management.
‘These discussions informed both our selection of audits for review and the specific areas of the audit work to focus on,’ explained George.
‘In turn, we provided the PRA with specific feedback on the issues arising from the audits of the banks, building societies, insurers and investment management companies that we reviewed in 2013/14.
‘We also provided them with a copy of our report on each of these reviews.
If any of our reviews suggest that the audit requires significant improvements, the PRA discusses our findings with both the auditors and the company.’
High percentage of audits still failing to meet FRC standards
In this year’s FRC audit quality inspection reports, overall 60% of all audits were judged to be either good or requiring only limited improvements, maintaining the significant improvement in the grading of audits observed last year.
There was an increase in the proportion of audits with the highest grading (19% compared with 13% and 11% in 2012/13 and 2011/12 respectively). This was particularly influenced by the results at one firm.
However, 15% of all audits were considered to require significant improvements – unchanged from 2012/13, although the number of FTSE 350 audits requiring significant improvements increased from two to four.
Among the FTSE 100, 86% of audits assessed were considered either good or requiring limited improvements, with only one FTSE 100 audit requiring significant improvements (unchanged from 2012/13 and 2011/12 inspections).
Four of the audits assessed as requiring significant improvements were of letterbox companies – those groups or companies with little more than a registered office in their country of registration, with management and activities based elsewhere.
The issue has also not been addressed, it appears, as there were only two of these audits in the previous year.
The FRC has met PwC partners to discuss the issue and written to the firm twice to ask it to update its guidance in relation to the audit of letterbox companies.
The regulator is concerned about the way in which letterbox companies are audited, since the auditor is usually based in the country of legal registration, rather than where management is based.
PwC, for example, is auditor for eight companies based in Jersey, Guernsey or the Isle of Man, of which two are FTSE 100 listed entities.
Regulator says KPMG needs to tackle ethical issues
KPMG should do more to make sure all partners are complying with required ethical standards according to the Financial Reporting Council’s (FRC) latest Annual Quality Inspection (AQI) report, which also wants the firm to take action on how it handles the audit of ‘letterbox’ companies.
In the FRC’s 2013/14 inspection reviewed 17 of KPMG’s audit engagements, including a follow-up on one which had been inspected the year before.
Overall, the firm’s rating improved, with 10 audits judged as a good standard, compared with seven previously, and four requiring improvements compared with six in 2012/13.
However, this year two audits required significant improvements in relation to the audit of intangible assets and revenue, whereas there were none in this category the year before. An assessment of the quality of one audit was not finalised.
The FRC described its findings as ‘diverse’ and identified no common themes, although the regulator said it was concerned about KPMG’s rate of progress in addressing prior year findings relating to the use of other auditors in undertaking letterbox company audits.
While revised guidance is under development, the FRC said ‘appropriate action should have been taken on a more timely basis’.
The regulator also stated it is important that KPMG takes prompt action in response to the recommendations of an external review it commissioned of the firm’s ethical policies and procedures, which reported in February 2014.
The FRC’s review found that on three audits there was insufficient evidence that the audit team had given appropriate consideration to independence threats, and related safeguards, arising from the provision of non-audit services.
On a further audit, there was insufficient evidence of approval by the firm’s ethics partner of certain non-audit services which included a contingent fee arrangement, while on two audits a senior partner with a client relationship role accompanied the audit engagement partner to certain meetings with the audit committee.
In addition, the FRC wants KPMG to reconsider its approach to the pre-issuance reviews of financial statements, a recommendation the regulator has made for the two previous years and which it says would bring the firm in line with established practice.
It also recommends that the firm introduces a requirement for its accounting and reporting technical department to review the clearance of any significant matters it raises in a pre‑issuance technical review prior to the audit report being signed.
In response to the latest AQI report, Tony Cates, KPMG’s head of audit, said: ‘We take very seriously observations and recommendations made by the FRC and have developed a detailed action plan that responds to these matters together with those identified through other internal and external review processes.
‘Reflecting our desire for continuous improvement, many of these actions are well progressed having been developed as issues emerged through the inspection process,’ he added.
FRC critical of EY handling of letterbox company audit
The Financial Reporting Council (FRC) has downgraded EY’s performance in its latest Annual Quality Inspection Report compared to last year’s inspection, saying that the firm needs to do more in particular to improve its auditing of ‘letterbox’ companies.
The regulator reviewed 16 of EY’s audit engagements for its 2013/14 inspection. Of these, six were judged to be performed to a good standard, compared to 10 the year before. Six audits required improvements compared to one in 2012/13. The remaining four required significant improvements, compared to one in the previous year.
Two of the problematic audits were of entities where the company’s general and financial management are located outside the UK (letterbox companies).
In both cases the regulator said there was insufficient evidence of EY supervising and directing the work of the third party undertaking the audit. As a result, the regulator said the firm needed to enhance guidance on group audit engagement and provide training for all partners and staff.
The FRC identified issues in other areas including revenue recognition, testing of IT controls and impairment of goodwill, as well as the impact of resourcing challenges on audit quality.
On the subject of testing internal controls, the FRC queried EY’s global audit approach. The firm believes that where a suite of controls are subject to common control and are applied consistently in a number of locations globally, a single global sample may be selected for testing.
The FRC said: ‘It has yet to be demonstrated to us that this approach complies with Auditing Standards’.
The regulator also raised concerns about potential breaches of auditor independence on one audit, where part of the fee arrangements agreed for non-audit services involved what was, in substance, a contingent fee.
In a letter to the FRC outlining the firm’s response, Hywel Ball, EY’s UK head of audit, said he was ‘disappointed’ that the current year’s gradings ‘were not as positive as there have been no material changes in our audit practice’.
‘However, as the report points out, a wide range of factors can influence your inspectors’ ratings each year. We also note that the change in gradings is not necessarily indicative of any overall change in audit quality at our firm. Nevertheless, we have already taken actions to address specific findings, such as those in relation to letterbox companies which had a major impact on our gradings this year,’ Ball said.
PwC must challenge management over audits
PwC has been told by the regulator to improve its work in relation to impairment testing of tangible and intangible assets, relating to the sufficiency of evidence or of challenge of the appropriateness of management’s growth rate assumptions, a key aspect when undertaking audits in the banking sector.
The FRC’s Audit Quality Inspection (AQI) team made the recommendations to the firm in the course of inspecting 19 audits conducted by PwC. These included two which were further reviews of audits reviewed in its 2012/13 round of inspections.
The regulator said that 17 audits (2012/13: 11 audits) were performed to a good standard with limited improvements required and two audits (2012/13: two audits) required improvements. None of the audits reviewed in 2013/14 (2012/13: one audit) required significant improvements.
In considering the firm’s audit of revenue in 18 audits, the FRC found weaknesses in two, relating to sufficiency of the testing of revenue controls. In one, the audit team’s testing of certain key areas, including the judgments made by the entity’s management, was not performed sufficiently robustly. In the second, there was insufficient explanation of the reasons why it was considered appropriate for reliance to be placed on revenue transactional controls in an overall control environment that was identified as being weak.
In the case of a charity, there was insufficient evidence to support the entity’s accounting policy for revenue recognition.
The firm was pulled up over its testing of the operational effectiveness of IT controls – three out of five audits had issues which included insufficient testing of system generated reports and insufficient evidence of the audit team’s approach to the testing of these reports.
There were also weaknesses in the impairment testing of tangible and intangible assets in three out of 12 audits. These related to the sufficiency of evidence or of challenge of the appropriateness of management’s growth rate assumptions or of the following year’s budget which supported the carrying value of goodwill and/or other intangible assets.
The FRC also found that audit teams did not sufficiently challenge the reasons why the useful economic lives of tangible and intangible fixed assets were considered to be appropriate.
The audit team was criticised for failing to challenge management of a charity in relation to the bank statements for the year-end for all the charity’s local fundraising accounts.
‘As a result the audit team was unable to obtain appropriate audit evidence for certain year-end bank balances. Although, in aggregate, these were below overall materiality set by the firm, further steps should have been taken to confirm the balances held in the local fundraising accounts for which bank statements were not obtained by the entity’s management,’ the FRC said.
PwC carries out an independence confirmation for all partners and staff and other procedures in keeping with compliance of ethical standards. As such the firm records financial interests of its partners and tests these records on a sample basis across the various divisions.
The FRC said it reviewed the firm’s 2013 report which recorded several breaches, including serious issues which were reported to the firm’s executive board who are expected to agree on the appropriate course of action required.
PwC’s internal monitoring process identified seven breaches relating to ethical rules for the provision of non-audit services.
In one instance, an engagement partner responsible for the audit of a listed entity failed to consult the ethics partner when it was expected that non-audit fees would exceed audit fees in the year.
A second issue concerned a secondment to an audited entity for an extended period of time.
The FRC also picked up weaknesses in two out of 11 audits in which the firm provided non-audit services to audited entities. In one case, the firm had developed a forecasting model for an entity when not an audit client. The firm accepted appointment as auditor in the following year. In the year of its audit review, the firm made minor enhancements to the functionality of the forecasting model which was used by the entity for developing forecasts supporting a number of audit judgments. The firm did not adequately assess the significance of the self-review threat to its independence when it undertook the further work on the forecasting model.
In the other case, the firm provided accounting advice in the year in connection with a proposed hedging arrangement which should have been treated as a separate non-audit engagement. The firm did not give sufficient consideration, before this engagement was accepted, to the significance of the self-review threat to its independence which may arise in future financial years.
There was also a small increase in the level of audit work carried out by the firm’s offshore centres over the last year.
PwC head of assurance, James Chalmers, said: ‘We continue to invest significant time and resources in delivering high quality audits. We have put in place a comprehensive action plan to respond to the matters raised which, together with our ongoing assurance transformation programme, we are confident will maintain our focus on audit quality,’ said Chalmers.
Warning over Deloitte’s tax advice to audit client
In addition to being rapped for low quality work among audits in the banking sector, the FRC has raised red flags over threats to Deloitte’s independence as an auditor, arising from tax advice to audit clients, as well as its increasing use of offshore centre audit staff in the annual Audit Quality Inspection (AQI) report for the Big Four firm.
The FRC has also flagged up independence threats stemming from the way in which Deloitte provided tax advisory services to an audit client.
The caution comes as a result of its inspection of the firm, which included a review of the Big Four auditor’s policies, as well as rigorous review of 17 audits by Deloitte. Of these, 12 (2012/13: 11) were performed to a good standard with limited improvements required and four audits (2012/13: two) required improvements. One audit (2012/13: one) required significant improvements in relation to the testing of the collective and individual loan loss provisions.
In relation to threats to its independence, the FRC singled out Deloitte’s provision of tax advice to an audit client. The tax advisory work included advice on transfer pricing arrangements and correspondence with the tax authorities, including defending the entity’s position in relation to certain tax disputes.
However according to the FRC, the significance of the independence threats arising, and the effectiveness of the available safeguards, were not adequately assessed by the audit team.
While the firm requires the safeguards applied for tax advisory services (where permitted under the Ethical Standards), to include the use of separate tax audit and advisory teams, its own guidance states that this only applies to staff at senior manager level and above. As a result, audit teams may consider it appropriate to use more junior staff in both the advisory and audit work, even in situations where they are performing the majority of the audit procedures or are taking judgments in the advisory or audit work.
‘The Ethical Standards require an assessment as to whether informed management exists where there is a potential management threat. The firm’s standard audit work programme for consideration of independence matters does not specifically cover this requirement. In addition, there was little or no evidence of this assessment, where relevant, for the audits we reviewed,’ the FRC said.
The firm’s increasing use of offshore centres in India and the US (known as USI) has been flagged up as an area of concern.
In particular, the FRC said that there appears to be no restriction on the nature of the audit work that USI staff can be involved in. While the project began on a pilot basis only in 2013, involving less than 1% of UK audit hours, the firm plans to increase this.
‘[Deloitte] allows USI staff to be involved in areas of significant risk and those involving judgement. We understand that the firm is intending to encourage audit teams to allocate USI staff full sections of the audit, in order to give them a better understanding of the work. Care is needed in adopting such an approach, given that the USI staff do not visit the audited entity and, therefore, may not always have the necessary understanding of the specific risks associated with the audited entity.
‘The firm’s policy and audit manual does not make any reference to the use of the USI centre. While the firm has issued guidance to audit teams, to date this has been limited.
‘There are also aspects of the quality control procedures of the USI centre that require improvement, such as the training and guidance on specific UK requirements.
‘In addition, while the individual audits are within the scope of the firm’s practice review, the quality control procedures of the USI centre are not separately assessed as part of the firm’s monitoring procedures,’ the FRC warned.
The FRC appeared perplexed that four individuals – who had been involved in audits which previously had adverse findings by the FRC’s Audit Quality Review panel – went on to receive an increase in their bonus compared with the prior year, even though this was communicated during their appraisal process. ‘It was not possible to determine if, or how, the level of bonuses were affected by audit quality considerations,’ the FRC said.
On the back of its criticism of poor quality audits in banking and building society sector – leading it to spotlight this area for detailed review in the next year – the FRC found severe shortcomings in the audits of two financial services entities, conducted by Deloitte.
In its individual inspection report on the firm, the FRC said that in both financial services entities’ audits, there were issues relating to testing of the collective and individual provisions.
‘These issues included the approach to testing the controls over the identification of impaired loans and other aspects of testing the completeness of the provisions.
‘There were weaknesses in the testing of the loan impairment models and assumptions, used as the basis for the collective provisions, and in the testing of the property valuations used in determining the individual provisions,’ the FRC said.
There were also problems with the way in which risks were considered in relation to revenue recognition. ‘On one audit the presumed significant risk relating to revenue recognition was rebutted by the audit team, but there was no internal consultation on the matter, as required by the firm’s policies,’ the FRC said.
In four audits the identified significant risk was limited to the recognition of revenue in the correct accounting period. There were also weaknesses in 10 of the 15 audits reviewed for testing of IT controls, relating to reliance on management reports or spreadsheets.
Deloitte’s managing partner for audit, Panos Kakoullis said the firm considered the FRC’s report a ‘balanced view of the focus and results of its inspection’.
‘As part of our agenda of continuous improvement we have given careful consideration to each of the FRC’s comments and recommendations.
‘This has included investigation of the root causes of each of the findings,’ said Kakoullis.
Interview with Nick Land, chair, Vodafone audit committee
Last year, Vodafone caused a stir by being the first FTSE 100 company to adopt and produce the new-style external auditor’s report, which gave far more information and insight than investors had previously been accustomed to.
This was hardly surprising, given that the mobile telecoms giant’s audit committee chairman is Nick Land, chairman of the FRC’s Audit and Assurance Council.
And then this year, the company brought to an end its 26-year relationship with auditor Deloitte, switching to its Big Four rival PwC.
‘It is not something that happens every year,’ says Land, ‘but it does take up a chunk of time. Companies and auditors are very conscious of ensuring that the process is as efficient as possible, and is economic both from the company’s and the auditors’ point of view.’
Land says that was certainly how Vodafone designed the process. All members of the audit committee were involved, though the chairman inevitably had a bigger role, meeting with the audit firms, and giving them an appropriate amount of time.
‘I probably met each of the lead partners four times, and was monitoring how the whole process was going, keeping on top of all the presentations. Generally, it all becomes a bit more intense over a period of a couple of months,’ he says.
From Land’s perspective, it must have been interesting to be on the other side of the table – before joining Vodafone’s board in 2006, he had spent 36 years at EY, the last 11 as the firm’s chairman and senior partner, so he would have been no stranger to the bidding process. ‘It’s more fun being on this side,’ he jokes.
The 66-year-old also holds a number of other non-executive positions, such as with chemists Alliance Boots, aviation support provider BBA Aviation and investment manager, the Ashmore Group. During the Vodafone audit process, he admits there had to be a bit of diary juggling, but otherwise, he accepts that the audit committee will be required to do much more of the ‘heavy lifting’ of governance work for the main board.
For Land, one of the key challenges for audit committees has been the need for a more explicit report on how the quality of the audit has been assessed.
‘It is the right thing to do, but it is not easy. You can assess the service, but has the auditor carried out a robust audit?’
Such requirements are having a cumulative impact on the workload for audit committees, even though they haven’t fundamentally changed the work.
‘Unlike the new audit report, which is revolutionary, I think the changes for the audit committee have been more evolutionary, and they have raised the profile of the audit committee,’ Land explains. ‘There is also the trend of audit committees doing more heavy lifting around risk processes.