KPMG cites internal control weaknesses in BT Group review

In a May 21 letter to BT Group’s board of directors, KPMG expressed its opinion that the company “did not maintain effective internal control over financial reporting as of 31 March 2020 [the end of its financial year], because of … material weaknesses related to general IT controls and risk assessments.”

KPMG’s findings are the latest blow to BT, which appointed KPMG as its external auditor in June 2018 after ending its decades-long relationship with PwC following the 2017 discovery of accounting irregularities in BT’s Italian business. In a statement made at the time, BT said “the extent and complexity of inappropriate behavior in the Italian business were far greater than previously identified and have revealed improper accounting practices and a complex set of improper sales, purchase, factoring, and leasing transactions.”

These activities, BT said, “resulted in the overstatement of earnings in its Italian business over a number of years.” The write-down of items on BT’s balance sheet almost quadrupled to £530 million (U.S. $674 million) from the £145 million (U.S. $184 million) originally announced.

In the latest development, KPMG’s letter to the board was included in a regulatory filing along with BT’s annual report, in which the company admitted it had more enhancements to make in its internal controls over financial reporting. “In 2018/19 management undertook a continuous improvement and enhancement program in relation to its framework of internal control over financial reporting,” BT’s annual report stated. “This program identified two areas requiring remediation, specifically, IT general controls and risk assessment, which were reported as material weaknesses in 2018/19.”

“While management have made good progress in remediating these material weaknesses during 2019/20, the remediation activity had not fully been completed in the year,” the annual report continued. “Therefore, management has concluded that our internal control over financial reporting was not effective as of 31 March 2020 due to the material weaknesses in relation to IT general controls and risk assessment.”

Compliance actions

“During 2019/20, we carried out an internal evaluation of the committee led by the chairman and the company secretary,” the company stated. “Members, attendees and KPMG, completed questionnaires and the committee discussed the responses and key findings.”

Among the key actions agreed to by the committee for 2020/2021 includes increased focus and scrutiny of internal controls, “including IT general controls and information used in controls,” and “further time to be spent on the IT and technology landscape to understand what changes are required and to monitor and challenge progress.”

Additionally, major transformation projects include “closely monitor[ing] major finance, control, and compliance transformation projects including the ‘One BT’ integrity and compliance program and the progress of finance transformation.” The company also plans to continue with enhanced risk reviews of its key risks and other critical areas.