The Financial Reporting Council’s (FRC) newly announced investigation under the Audit Enforcement Procedure (AEP) KPMG’s auditing of Rolls-Royce following the SFO announcement in January of a Deferred Prosecution Agreement for offences including conspiracy to corrupt and a failure to prevent bribery is only the last in a long line of AEPs. And it’s not even the latest one.
PwC and retired partner Stephen Harrison were severely reprimanded and fined £5m, the highest yet, and £150,000, respectively, for misconduct in relation to three areas of audit: mobilisation costs, long-term contracts, and intangible assets relating to the 2009 audit of Connaught. PwC was also ordered to pay legal costs and to make an interim payment on account for these of £1.5 million.
Then in April, an investigation into Grant Thornton and Robert Napper (a retired audit engagement partner) led to a fine of £3.5 million reduced to £2.275 million after settlement discount, and a “Severe Reprimand” for Grant Thornton; exclusion for Napper from membership of the Institute of Chartered Accountants in England and Wales for three years and a fine of £200,000, reduced to £130,000 after settlement discount; and a sum of £200,000 to be paid by Grant Thornton as a contribution to legal expenses.
The case involved 12 allegations against Grant Thornton and Napper over the audit of the financial statements of AssetCo for the financial years ended 31 March 2009 and 31 March 2010, including:
Disclosures in respect of related-party transactions and restricted cash
Existence of significant amounts of finance lease debtors and related revenue, and measurement of substantial assets, including investments in subsidiaries, goodwill, and other intangible assets
Assessment of the going-concern assumption in the financial statements
Failures to apply sufficient professional scepticism in relation to a variety of matters material to the financial statements
The two parties admitted that “their failings arose as a result of the significant and widespread lack of professional competence and due care in the performance of the audits … [and] a significant failing in the application of professional scepticism, which should be at the core of the work of statutory auditors."
In March, the FRC announced the resumption of a disciplinary tribunal into complaints against PwC, and Stephen Harrison, a retired PwC partner in relation to an audit of Connaught and two of its subsidiaries: Connaught Partnerships and, ironically, Connaught Compliance in 2009.
“It is important that regulators acting in the public interest should review high profile issues. We will co-operate fully with the FRC’s investigation, which follows the SFO’s investigations into Rolls-Royce. We are confident in the quality of all the audit work we have completed for Rolls-Royce, including the 2010-2013 period the FRC is considering.”
KPMG response to FRC investigation
In November last year, the FRC handed out what was at that point its biggest fine ever to Deloitte and one of its partners John Clennett for misconduct in the auditing of Aero Inventory from 2006 to 2008. As with Grant Thornton and PwC, Deloitte and Clennett received a “severe reprimand,” also a fine of £4 million for the firm and of £150,000 for Clennett. Deloitte was also charged for all the legal costs of the proceedings with an interim payment alone of £2,275,000.
Commenting on this last case, Gareth Rees QC, executive counsel to the FRC, said: “This fine of £4 million is the highest recorded [though it has since been superseded by the PwC case above] by the FRC for misconduct on a Firm ... It is a clear indication of the importance of the highest standards being maintained in all audits and the seriousness of the failure to perform an adequate audit of these financial statements which led to misleading information about the profits and turnover of the company being made to the market.”
Clearly the FRC is flexing its muscles. But why are all these cases so old?
“Launching and carrying out these investigations is a very complicated process,” said Oliver Parry, head of corporate governance at the Institute of Directors. “The FRC has to wait until other authorities, like the Serious Fraud Office, have completed their investigations until it can begin its own. Then they must look at whether or not the reports were compiled in a true and fair way, looking at relationships, making sure that there was no undue process around the filing of annual reports and accounts and basically ensuring that the auditors that were in situ at the time carried out their responsibilities to a high standard. These things do take time, and the FRC has only had really sharp teeth for around two and half years, but it’s perfectly in their remit to go back and look at accounts from the past. Why I think a lot of things are backdated is because they’re trying to look at things through the new regulatory prism.”
“ … there are benefits to be gained from fresh insight. Even if the current firm is reappointed, the experience of the tender process can reinvigorate the audit approach.”
Melanie McLaren, Executive Director, Audit and Actuarial Regulation, FRC
Yet, the FRC announced in June last year an investigation into the conduct of KPMG’s audit of HBOS for the year ended 31 December 2007. KPMG’s response to this announcement was somewhat more tetchy than its response to the Rolls-Royce investigation: “It has now been eight years since the financial crisis. The FRC, PRA [Prudential Regulation Authority], and FCA [Financial Conduct Authority] have already looked at the events that led to the failure of HBOS in exhaustive detail, and we have cooperated fully with all inquiries and investigations. We will continue to do this, but trust and ask that the investigation be completed as quickly as possible.” Not to mention government enquiries from several select committees. KPMG, in its defence, noted that HBOS reported pre-tax profits of £5.5 billion in 2007 and continued to raise capital well into 2008. Everybody else thought the bank would continue to be profitable, and then Lehman collapsed with we know what result.
KPMG’s response also points to the very different standards for audit that were established at that period: “Throughout it has been our position that our audits of HBOS were performed to the appropriate prevailing standards. We are confident that our work will stand up to objective scrutiny.” And it is true. An enormous amount has changed in terms of the audit regulatory landscape, and the industry is in a much better place now regarding quality and effectiveness than was the case before the EU Audit Regulatory Directive (ARD).
“The genesis of where we are now is that we are in a far better position,” said Parry. “The regulator can do a lot more in proper policing of auditors than it’s ever been able to. Many years ago, it was a cobbled-together regulatory system, but we are now in a stronger position. Just look at what happened with Arthur Andersen; you understand what can happen when an auditor fails. That’s one of the reasons why we’re in this position now, why we have a proper regulatory system in place.”
One of the many changes put in place by the FRC as a result of the ARD is auditor rotation. Within the flexibility of the EU regulations, the United Kingdom adopted the option to extend the audit engagement period to 20 years as long as the contract is put out to tender at least every ten years. At the end of 20 years, companies must appoint a new auditor.
AUDIT TENDERING LESSONS
Areas where audit tendering lessons have been learnt include:
Timing of a tender – how this coincides with other factors such as Board changes and rotation and retendering requirements throughout the group.
Which firms to invite to tender – identifying the need for industry and /or geographic knowledge, and understanding investors and regulators views of individual firms
Balancing professional services – how to manage conflicting requirements of different professional services and whether to prioritise audit.
Engagement with investors – the timescales of announcing the audit tender process and other milestones in communicating with shareholders.
Getting the right audit team – exploring the skills and experience needed from an audit engagement partner.
Decision-making approaches – whether to give technical challenges, hold meetings with management and assessing the response to the request for proposal.
Source: FRC tendering report
In February this year, the FRC released a report on the progress of auditor rotation following its introduction in June 2016. Rotation is intended to “improve confidence in audit for investors and audit committees whose job it is to appoint them,” according to the report. “The selection process can be time-consuming, so the FRC recommends involving the whole of the audit committee, discussing with investors which audit firms will be invited to tender, and engaging with firms before the process starts to ensure the right teams are involved.” A set of best practice guidelines that resulted from a series of roundtables with the chairs of audit committees, investors, and senior audit engagement partners from the larger audit firms is given in the box to the right.
“The outside auditors are appointed by the audit committee, and that’s a job for the company, and then the investors get to vote on keeping the same auditor—the item comes up at the AGM every year,” said Parry. “The audit committee has to put the contract out to tender, so it has to be a transparent process. The independent directors are supposed to be working for the long-term interest of their companies when making those decisions; that’s what the law says. And clearly an external audit is an important part of that. You need a robust external assessment of the company’s financial position and, of course, the non-financial. I have faith in listed companies that they are fulfilling those objectives and that auditors are being appointed independently. And, yes there have been some questions about the closed and lengthy relationships between auditors and their corporate partners. But that’s changed now; they have to put contracts out to re-tendering, and re-tendering is on the up according to the latest statistics.”
Re-tendering is up, and so is audit quality according to the FRC, but not as much as it should be. In March this year, the FRC put out another report on quality control procedures for audit firms, based on its latest thematic review. According to the report: “One-third of the audits sampled for the review required more than just limited improvements suggesting that the quality control procedures adopted by the firms had not been effective.” According to the FRC, improvements could be made by:
FRC AUDIT QUALITY CONTROL GOOD PRACTICE
The FRC’s Audit Quality Thematic Review identified areas of good practice including:
Half of the firms have a dedicated board or committee that oversees all matters relating to audit quality, bringing all the elements together and ensuring audit quality has specific prominence and focus in the firm’s leadership agenda.
Two firms have set out their audit quality procedures in a ‘three lines of defence’ model, helping to understand how these audit quality procedures interact together to achieve audit quality and minimise the risk of inconsistency.
Initiatives to achieve consistent audit quality, identify areas for improvements and monitor the effectiveness of training in specific areas requiring improvement.
Audits with a higher level of partner and director involvement had a greater likelihood of achieving a high quality outcome prior to issue of the audit report.
Source: FRC audit quality control report
The appropriate involvement of specialists in the audit with sufficient reporting of their work where this was important to achieve audit quality.
Firms considering whether there are any insights arising from their root cause analysis where their quality control procedures could be enhanced to further improve audit quality.
In 2017/18, the FRC thematic reviews will focus on how firms’ governance and culture support the delivery of further improvements in audit quality.
But, however often an auditor is replaced, it still does not remove the suspicion that, even though the hiring of the new auditor is done by the audit committee consisting of independent directors, it is a little like the Politburo asking the KGB to make sure it is not breaking any of its own regulations. A further step of independence, such as the closer involvement of investors in the process, would give greater confidence.
But if a company is really intent on breaking rules, it is not just auditors, but also audit committees, that are only given the information that the company wants to release to them. Likewise, it is only when an auditor’s failure to turn up a company’s wrongdoing comes to light that investors are in a position to say they don’t approve of said auditor. It is difficult for them to be in a position to vote on the reappointment of an auditor without the full and complete facts at their disposal.
“You are right on the role of the regulator in that regard,” agreed Parry. “The appointment of a new auditor has to be done with objective factors in mind. If something happens further down the line then you have to question the relationship. But you have to have faith that the FRC is doing a good job. The FRC does need to demonstrate to a wide group of stakeholders that it is taking its responsibilities very seriously and, actually, I would argue that they are.”