A major overhaul of audit following the Brydon report will see the creation of a separate corporate auditing profession, greater focus on fraud detection during audits, and the replacement of the ‘true and fair’ concept
Sir Donald Brydon has published his final report on audit reform with the proposals for wholescale reform of listed audit now with the government for review.
In his preface, Brydon said ‘audit is not broken but it has lost its way’, and said his recommendations were designed to ‘help auditors earn back shareholder and wider public confidence’ in the wake of accounting scandals such as Carillion and Patisserie Valerie.
Brydon stated: ‘There needs to be a fundamental shift in definition and approach to ensure that all appropriate opportunities are taken for the auditor to inform as well as to confirm and verify.’
Some of the more radical proposals include the inclusion of fraud analysis in the audit remit and a replacement of true and fair with a greater focus on going concern. In future audit committee composition should include a wider range of members, not only those from the accounting profession, including those with ‘an enquiring mind and able to make robust independent decisions’.
At the same time, Brydon questioned the oversight of the profession, proposing that the new audit regulator, the Audit Regulatory and Governance Authority (ARGA) should be responsible for accrediting audits, not individual institutes such as the ICAEW and ICAS.
Brydon said: ‘ARGA should facilitate the establishment of a corporate auditing profession based on a core set of principles. ARGA should be the statutory regulator of that profession.’
Brydon noted: ‘The question of fraud and auditors’ related responsibilities is the most complex and most misunderstood in relation to auditors’ duties.’
To counter this, the report recommends that the new regulator, the ARGA, should amend ISA (UK) 240 Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements to make clear that it is the obligation of an auditor to detect material fraud in all reasonable ways.
The report recommends the introduction of ‘suspicion’ into the qualities of auditing as well as a package of recommendations aimed at raising the prominence and transparency of fraud prevention and detection by both directors and auditors.
These include a new reporting duty on directors to set out the actions they have taken each year to prevent and detect material fraud, as well as a corresponding new duty on the auditor to state in their report how they have assured the directors’ statement on material fraud, and what additional steps they have taken to assess the effectiveness of the relevant controls and to detect any such fraud.
Auditors should be required to undergo initial and ongoing periodic training in forensic accounting and fraud awareness, and ARGA should maintain an open access case study register detailing corporate frauds.
True and fair
The review wants the current true and fair assurance on accounts to be replaced in UK company law with the term ‘present fairly, in all material respects’.
It also makes a number of recommendations for auditors, including the requirement to create continuity between successive audit reports and to provide greater transparency over differing estimations, perhaps disclosing graduated findings. The report says auditors should call out inconsistencies in information made public and reference external negative signals and how they have informed the audit.
The report recommends the existing going concern and viability statements are replaced by a new resilience statement from the company’s directors which would incorporate a going concern opinion for the short term, a statement of resilience in the medium term and a consideration of the risks to resilience in the long term.
In addition, the audit report should include a new section in which the auditor states whether the director’s section 172 CA 2006 statement is based on observed reality, on the basis of the auditor’s knowledge of the company and its processes.
Directors should also set out in a public interest statement (as part of the strategic report) how they view the company’s legal, financial, social and environmental responsibilities to the public interest. This statement should explain how the company has discharged its self-declared public interest obligations and responsibilities, what actions it has taken to mitigate any externalities it has caused during the period, and how effective these actions have been.
The report calls for a redefinition of audit and its purpose, ideally enshrined in company law under the Companies Act 2006 (CA 2006). It suggests: ‘The purpose of an audit is to help establish and maintain deserved confidence in a company, in its directors and in the information for which they have responsibility to report, including the financial statements.’
In order for auditors to provide useful information to the users of audit reports to base their decisions, the report says that information should include original information (that is, to say, information not produced by the audited company for disclosure) that is likely to have a material impact on users’ decisions.
This could mean highlighting information in investor presentations and RNS announcements, rather than simply commenting on the information provided to auditors by the directors.
As part of this, auditors would be required to signal concerns raised by external factors which might indicated increased risk, such as extended short positions, covenant breaches, loss of credit facilities late payments and negative public commentary.
New audit profession
The report stated: ‘Auditing is too important to be left to an adjunct of another profession: it should be an independent profession in its own right, with its own governing principles, qualifications and standards.
‘At present it is an extension of the accounting profession, whose ethics and (arguably) mindset it largely adopts.’
The review said it found widespread confusion between the terms assurance, audit and statutory audit and said these should be replaced by one encompassing descriptor with a newly minted definition, that of ‘corporate auditor’.
This profession should encompass all ‘corporate auditors’, including the statutory auditors of the financial statements, and auditors of other corporate information, for example, information covering cyber security or related to environmental measures. Some of these corporate auditors may come from traditional audit firms, but others may come from new specialist audit entities.
In common with many of the report’s recommendations, defining the core set of principles for the new profession and ensuring that these are evident in audit inspections, will fall to the Financial Reporting Council’s (FRC’s) successor body as regulator of the sector, which is to be known as the Auditing, Reporting and Governance Authority (ARGA). Developing a specific auditor qualification, including education and training, should become a high priority for ARGA.
As part of this, the review says ARGA should revisit the existing definition of professional judgment with a view to strengthening, and demonstrating better, the use of judgment in audit.
However, the report does not support proposals raised in other reviews by the Competition and Markets Authority (CMA) and by Sir John Kingman for the introduction of joint audits of the largest UK companies.
Brydon stated: ‘Some would have liked my review to have expressed opinions on the impact of possible joint audits on the quality of the audit and the consequences in terms of clarity about liability incurred.
‘Whilst I have no doubt that there will be a relationship between joint audits and quality, it is far from clear what the impact of such audits would be on quality. As this possibility remains for the future and there is no UK data on which to base judgments, I saw no purpose being served by further entering the discussion on this topic. BEIS has consulted on the CMA proposals and the results of that work are awaited.’
The report also challenges the concept of an ‘expectation gap’ between what auditors do and what the public perceive them to do, which Brydon brands ‘a distraction’. He recommends that ARGA together with auditors and the Plain English Campaign produce a concise guide to audit, explaining clearly what the different elements of an audit report mean as redefined in this report and what, just as importantly, they do not mean.
The review recommends audit firms ensure a clear separation between the team which negotiates the audit fees, and the team which carries out the audit(s). Audit firms will be required to publish the profitability of their work from audit, and also the remuneration of their senior statutory auditors and the attendant performance measures around that remuneration.
Auditors should disclose, within the audit report, the hours spent on each audit by each grade within the audit team. Clear reasons should be given for any resignation, dismissal or decision not to participate in a retender.
The report also recommends a change in the law to require the audit fees to be shown on the face of the profit and loss account as being struck, like the dividend, after the reporting of post-incentive compensation profit.
As part of improved communication, any alternative performance measures reported by a company, and any use of key performance indicators to underpin executive remuneration, should be subject to audit.
Brydon calls for the government to give serious consideration to mandating a UK internal controls Statement consisting of a signed attestation by the CEO and CFO to the board that an evaluation of the effectiveness of the company’s internal controls over financial reporting has been completed and whether or not they were effective, as in SOX 302(c) and (d).
This attestation should be received by the board no later than 28 days before the accounts of the company for the relevant financial period are signed. The Board should then report to shareholders that it has received such an attestation. A failure of relevant controls in the 12 months prior to the attestation or in the 12 months following should result in a requirement for future statements to be audited for a period of three years following the failure.
The report recommends the government provide ARGA with the necessary legal framework as soon as possible, as this body will be the driving force for implementing its recommendations.
Brydon stated: ‘I recommend that ARGA acts as the midwife to create a new profession of corporate auditing, establishing the necessary professional body, to encompass today’s auditors and others with appropriate education and authorisation. ARGA would be the statutory supervisory body for that profession.’
The report suggests ARGA should continue the FRC practice of publishing annual quality inspection reviews, but says it should emphasise good practice as well as where there are issues. ARGA should also establish a formal confidential mechanism to interact with shareholders or other stakeholders to respond to concerns regarding particular audits.
The report noted: ‘It would be helpful if ARGA would play the role of a clearing house to ensure that boards are not over-encumbered with competing corporate governance priorities. In this connection I also welcome Sir John Kingman’s comment11 that ARGA “should be more sparing and disciplined than the FRC in promulgating guidance and discussion documents”.’
Finally, the Brydon review recommends a follow-up review be conducted in 2025 to consider how the recommendations in this report and those of the CMA and Sir John Kingman have been implemented.
In response to the report, an FRC spokesman said: ‘The FRC will study Sir Donald Brydon’s report with interest. Many of his recommendations, if accepted by the government, will have significant implications for the FRC in respect of our activities and resource requirements.
‘We have already implemented a number of the recommendations of the independent review of the FRC and anticipate being involved in delivering the broader reforms to the UK audit market that the government has initiated.’
The review consultation received 120 formal submissions comprised of around 2,500 pages of comment.