On Wednesday 28 October 2020, the Industry and Parliament Trust hosted a Breakfast Meeting that discussed Addressing Corporate Failure: The Future of the Audit Industry. Held virtually on Zoom, this event was chaired by Nigel Mills MP, Select Committee on Work and Pensions. I had the pleasure to speak at this event alongside James Barbour, Director of Policy Leadership, Institute of Chartered Accountants of Scotland (ICAS). This blog presents my views and the discussions we had on enhancing the performance of the external audit service in the future.
The Current State of the External Audit Profession
The audit profession is currently facing severe scrutiny, criticism, and penalties for failing to detect material fraud or forewarning shareholders of corporate collapse in high profile cases in the UK including BHS, Carillion, Patisserie Valerie and Redcentric. Recent Financial Reporting Council (FRC) audit inspection reports also indicate that auditors are not conducting proper fraud risk assessment and continuously failing to perform basic audit procedures.
While acknowledging that auditors are not responsible for detecting all types of fraud, they cannot deny their responsibility for detecting material[1] fraudulent financial reporting and asset misappropriation as detailed in the UK International Standards on Auditing (ISA 200; ISA 240; ISA 315). Auditors’ repeated failure to detect material fraud could threaten the existence of, and in turn the need for, external audit in the future. For that reason, it is imperative to focus on how to reinforce the public’s trust in the audit profession.
How Could the Current State of External Audit Be Improved?
I would like to emphasise that the public’s trust in the audit profession will only be reinforced, if the audit profession focuses on:
(i) Improving auditors’ skills in detecting material fraud; and
(ii) Maintaining auditors’ independence.
Without detecting material fraud and maintaining auditors’ independence, there will be no need for the external audit profession in the future. Besides, the benefits of this surpasses the cost (e.g. cost of penalties; reputational damage; and loss of business due to poor audit quality).
Improving auditors’ skills in material fraud detection
Auditors’ lack of fraud-related knowledge is indeed an inhibitor for their success in detecting material fraud. Before making a professional judgment on whether fraud is material or not, auditors must first understand the nature of fraud. If auditors lack knowledge about fraud, then how could they identify fraud from error? Therefore, I recommend that forensic accounting and anti-fraud education should be embedded into professional audit training as well as audit professional qualifications. Alternatively, forensic accountants or financial fraud investigators should be appointed to the audit team to help with fraud risk assessment.
Another important recommendation is that audit firms should emphasise the importance of fraud risk assessment to their audit teams and monitor auditors’ compliance with the requirements of the audit standards for fraud risk assessment. In the meantime, the FRC should put more emphasis on monitoring audit firms’ approach to fraud risk assessments in future audit inspections.
Providing guidance to auditors on how to effectively assess and respond to fraud risk is also crucial. Sharing best practices in fraud risk assessment among audit firms could help. But also, the audit standards should provide more guidance in this area. Currently, the audit standard (ISA 240) is lacking important guidance. For example, auditors are required to assess management integrity, motivations for fraud, and rationalisation of fraud, but there is no guidance on the audit standards on how auditors could asses these three fraud factors.
Finally, we discussed the significance of auditors reporting separately on the effectiveness of audit clients’ internal control systems (similar to Sarbanes Oxley in the US). Any weaknesses in internal controls could increase the risk of opportunity for fraud; hence it is worth considering a separate audit report on the effectiveness of audit clients’ internal controls. I recommend that this report should focus more on the quality of anti-fraud controls implemented by the audit clients as well as the control environment (i.e. tone at the top).
Maintaining auditors’ independence
Several factors could impair auditors’ independence including audit firm rotation and audit tenure; the payment of audit fees by management; and the provision of non-audit services to audit clients.
The debate around audit firm rotation and audit tenure was particularly an interesting one. Current audit regulations in the UK require audit partners rotation after five years, but audit firm rotation could take up to 20 years. We discussed that this could increase familiarity threat[2] which in turn could impair auditors’ independence. I recommend that audit partner rotation should be replaced by audit firm rotations every 5-6 years. This is, in my opinion, a sufficient period of time to gain industry knowledge but without increasing familiarity threat.
I also recommend that audit firms be prohibited from conducting any non-audit services to their current audit clients. Additionally, audit fees should be paid and monitored by either the FRC or delegated to any other independent regulator. Management would pay the audit fees directly to the independent regulator in order to reduce the intimidation threat[3].
To summarise, the following are key recommendations to consider in order to improve the current state of the external audit profession:
- Providing anti-fraud education and training for auditors
- Audit firm rotation after 5-6 years
- Delegating the payment of audit fees to an independent regulator
- Prohibiting the provision of any non-audit services to audit clients
- Requiring auditors to report separately on the effectiveness of audit clients’ internal control systems with more focus on anti-fraud controls
- Monitoring auditors and audit firms’ compliance with the audit standards’ requirements for fraud risk assessment and response.
Words by Dr Rasha Kassem, Assistant Professor, Coventry University
[1] Materiality concerns the significance of an item to users of financial statements. A matter is "material" if there is a substantial likelihood that a reasonable person would consider it important.
[2] A familiarity threat exists if the auditor is too personally close to or familiar with employees, officers, or directors of the client company.
[3] Intimidation threat. Occurs when a member of the audit team may be deterred from acting objectively and exercising professional scepticism by threats, actual or perceived, from the directors, officers or employees of an audit client.