Section 8 of the White Paper outlines the government’s proposals aimed at increasing audit quality and audit market resilience, drawing on many of the recommendations of the Competition and Markets Authority’s report into the statutory audit services market published in April 2019. In this, our fourth bulletin on the White Paper, we therefore consider some of the key areas which the government will have to address, with the benefit of insight provided by any responses to the consultation.
There are three key proposals: the introduction of a managed shared audit regime for all FTSE 350 companies (section 8.1 of the White Paper); the operational separation between audit and non-audit services within the largest firms (8.2); and increased statutory powers for ARGA to monitor and report on resilience in the audit market (8.3).
The Government has not adopted some of the CMA proposals, relating to remuneration deferral, audit firm ownership, technology licensing, notice periods and non-compete clauses. The Government has also made clear it does not intend to shorten the current tendering and rotation periods for audit.
The managed shared audit proposal, to be applied to FTSE 350 companies “with limited exceptions”, would apply where the group auditor was not a Challenger firm. The proposed definition of Challenger firm is a statutory auditor that carries out less than 15% of FTSE 350 statutory audits measured by audit fees. The plan set out in the White Paper envisages that when statutory audits next come up for tender, those FTSE 350 companies subject to the requirement must appoint a Challenger Firm to “a meaningful proportion” of the statutory audits of subsidiaries, measured by quantitative criteria (such as total audit fee in the prior year, group revenues, profits and assets). This new requirement would be backed up by a new enforcement and sanctioning power against non-compliant companies (paragraph 8.23). Further clarification will be required as to what would constitute “a meaningful proportion”, as the White Paper text is not entirely self-explanatory on this point.
The examples of exemptions mentioned in the White Paper do not appear to include FTSE 350 companies which have largely or exclusively overseas operations; it is hard to see how requiring managed shared audit in such cases could achieve the objective of increasing choice and competition in the UK audit market. For the same reason, it is to be expected that new law or guidance in this area will seek to prevent or deter companies from meeting the shared audit requirement appointing a Challenger firm to audit overseas operations.
The Government seeks input on whether the allocation of audit work by a FTSE 350 company to a Challenger firm should be based on legal subsidiaries. There appears to be a general view that this is probably the most sensible method by which to implement managed shared audit, and has the benefit of having many familiar features in common with existing arrangements by which, for example, overseas component audits are undertaken by other firms, albeit those are usually firms in the same network as the group auditor of the FTSE 350 company.
The Government’s proposals do not suggest alternative forms of sharing to an allocation by subsidiary. Any alternatives would require clear delineation of the areas of the audit work to be performed by the Challenger firm, to address the risk that issues might fall into a hidden gap between the two firms.
The White Paper does not clarify whether the Challenger firm would be named as a subsidiary auditor in the FTSE 350 company’s annual report; ISA 600 would prevent reference to this arrangement being made in the group auditors’ report.
The distinguishing feature of the White Paper proposals for shared audit is that the Challenger firm would have “access to, and engagement with” the Group Audit Committee, in preference to a scenario where the Group Audit Committee “would only engage meaningfully with the group auditor” (8.1.17).
The White Paper does not discuss what such access and engagement would entail. For example, it seems likely that a Challenger would prepare its own standalone report to the Group Audit Committee on the relevant subsidiary, and would have access to group audit discussions with Group Management and the Chair of the Audit Committee in connection with the preparation of the reports to the Audit Committee and the resolution of issues after the Audit Committee meeting, at least insofar as concerned the subsidiary audit.
By attending the Group Audit Committee meeting, the Challenger would obtain access to a large amount of information that is not directly relevant to the subsidiary it has audited; the legitimacy of this access could be addressed by enshrining in legislation the requirement for a Challenger to attend the Group Audit Committee meeting in a shared audit.
Would the Challenger firm be entitled to offer an opinion on particular group audit issues, extending beyond the ambit of the issues considered in their subsidiary audit work, if asked by members of the Group Audit Committee? Such an extension of scope does not seem intended by the White Paper proposal but it may be that guidance for Audit Committees would be useful in order to avoid both auditors being placed in a difficult position.
The presence of two auditors at the Audit Committee meetings carries with it the risk that the two auditors convey different views to the Audit Committee about the findings from the subsidiary audit if they are unable to agree beforehand, albeit the final responsibility for the group audit would still rest with the group auditor.
There would also be a converse danger of one auditor being taken to have acquiesced in or condoned any statements made by the other auditor if disagreement was not actually expressed. This risk could be addressed by setting out clearly to the Audit Committee the respective responsibilities of the auditors, and also through the use of cross-disclaimers of responsibility for statements and opinions expressed by the other auditor.
The Government proposals seemingly envisage that the mandatory audit obligation would be placed on the FTSE 350 entity (8.1.12), and that the audit tendering would be overseen by the Audit Committee of the FTSE 350 entity, and that this Audit Committee would both identify the subsidiaries that could be audited by a Challenger firm and then appoint the group auditor and the Challenger auditor (8.1.17).
Whilst it is possible to see how the Group Audit Committee could act as agent for the subsidiaries in tendering the audit, it is not clear from the White Paper how the Group Audit Committee would derive authority from the subsidiaries to decide that the auditor of certain subsidiaries should differ from the group auditor and to decide which firm should be appointed to audit them. Although it is to be assumed that the FTSE 350 company would be able to ensure that appropriate shareholder resolutions were passed by the subsidiary, it is possible that difficulties might arise at an earlier stage of the process where subsidiaries are under different management to the parent company and that management does not hold the same view as the parent Audit Committee on the Challenger’s appointment.
Another potential complication is provided by the separate proposal in section 7.2 of the White Paper for ARGA to impose additional requirements on audit committees in relation to audit appointments. It seems reasonable to suppose that such requirements and any further ARGA guidance to audit committees will recognise the need to implement managed shared audit, and permit flexibility in decision-making to enable this reform to take root.
The White Paper states that “The Challenger would be liable for its audit of the relevant subsidiaries but would not bear joint and several liability for the group audit” and the liability for the group audit would rest with the group auditor (8.1.12 and 8.1.17). This is a helpful insight as far as it goes but it is unclear whether the Government is proposing to enact statutory recognition that the Challenger would not be jointly and severally liable for the group audit opinion, and the White Paper does not address the risk that the Challenger might assume a liability to the parent company that is lesser in degree than liability for the group audit opinion.
Challenger firms performing a subsidiary audit in a shared audit context will be mindful that, absent a contractual relationship with the parent company, they would potentially have the benefit of such protection as is afforded by Barings Plc v Coopers & Lybrand (no. 4)  PNLR 16 which found that the subsidiary auditor in that case did not owe a duty of care to the parent company as it did not have in contemplation that its work would be relied on by the parent company in undertaking a class of transactions that would result.
However, although the current reform proposals involve an appointment by the Group Audit Committee of the Challenger firm to a subsidiary audit or audits, and the Challenger firm having access to the Group Audit Committee, the White Paper does not address the question of whether the Challenger firm would have a contractual or tortious relationship with the parent FTSE 350 Company as well as the subsidiary. In circumstances where the Challenger firm would be engaging (in some manner that is not defined in the White Paper) with the Group Audit Committee, it seems inherently likely that, notwithstanding the Barings case, there could be an assumption of some responsibility by the Challenger firm to the parent FTSE 350 company for that interaction.
If responsibility were to be assumed legally by virtue of this relationship between the Challenger and the parent company, then it equally seems to us to be inherently unlikely that attempting to disclaim liability to the parent for their comments to the Group Audit Committee would stand much if any prospects of being held effective in the eyes of the Court. Accordingly, Challenger firms therefore face something of a dilemma as to whether to seek to manage their potential exposures through a contract with the parent company, which could helpfully define and regularise the relationship in a contract with the parent company, to make clear what role is being performed by the Challenger firm in engaging with the Group Audit Committee (and, by extension, group management and the group auditor in a similar context), and the limits on its liability to the parent company for any views it expressed in the course of that interaction.
In principle, as the Challenger would not be providing an audit opinion report on the group and parent company’s accounts, any services provided to the parent company through interaction with the Group Audit Committee do not appear to fall within the scope of the auditor liability limitation agreement provisions of the Companies Act 2006 that have proved so unpopular with companies. Therefore it seems that a Challenger firm could seek to limit its liability in any contract with the parent company in the usual way that applies outside statutory audit.
A simpler solution, which to our mind would be more effective and more likely to enable speedier and easier adoption of shared audit, would be to create a statutory safe haven for the Challenger firm in a shared audit protecting it from liability in respect of the group audit which would need to go further than merely stating there is no joint and several liability. Regardless of whether that were to be enacted, there is also a strong argument in our view for clear regulatory guidance in respect of the Challenger firm’s interaction with the parent company. Together, this would substantially aid achieving the objective of opening market competition without putting Challenger firms at risk of assuming more extensive liabilities.
The group auditor would need to be made aware of the scope and content of any interaction that the Challenger firm had agreed with the parent FTSE 350 company because of the possibility that such communications would impact on the parent company’s financial reporting or on the audit conclusions.
If the legislation that introduces shared audit does not afford complete protection to a Challenger firm as regards liability to the parent FTSE 350 company, questions might arise in relation to the apportionment of liability between the group auditor and the subsidiary auditor for the group audit. In theory, any such issues could be addressed before the commencement of audit work through an agreement between the auditors or a tri-partite agreement with the FTSE 350 company, but this seems an over-complicated solution that might create more tensions and difficulties than the risk it would seek to address.
The White Paper makes clear that the Challenger firm’s audit work in shared audit would be subject to the FRC’s audit quality review (8.1.17).
The White Paper does not specifically state which enforcement regime would apply to the Challenger firm’s audit work, but on the assumption that the normal principles would apply then it would seem that the Challenger firm’s audit will not be subject to the Audit Enforcement Procedure (unless the subsidiary being audited is itself a PIE) and would still fall within the scope of the professional members bodies’ disciplinary procedures. Although this reflects the current position that would arise where a component audit of a subsidiary of a PIE is performed by a different firm, the shared audit proposals would bring about a massive increase in the number of companies where this bifurcation exists and bring about a greater likelihood of divergent disciplinary proceedings by different bodies arising out of closely related issues concerning the adequacy of subsidiary audit and group audit work.
If managed shared audits do not succeed in enabling Challenger firms to win appointments as sole auditors of FTSE 350 companies, the Government proposes that in future it may introduce a market share cap to ensure that a proportion of FTSE 350 audits being presented for re-tendering would be awarded to Challengers. The Government recognises that further consultation would be needed on this back-up plan, which would give ARGA the temporary power of deciding which companies should tender their audits only to Challenger firms, although the company (not ARGA) would retain the decision as to which Challenger firm to appoint as auditor (8.1.27 to 8.1.31). This would place ARGA under a considerable burden in arriving at an appropriate judgment in the exercise of such an unusual authority.
The Government’s proposals for operational separation of audit and non-audit services are arguably less transformative than managed shared audit, if only because the largest firms have already voluntarily moved towards this model in accordance with the Principles of Operational Separation published by the FRC last summer. The voluntary adoption of operational separation raises the question of whether any codification is necessary.
Initially at least, the Government envisages a high qualifying threshold for application of the operational separation proposals, limiting the operational separation requirements to firms that generate audit revenues from FTSE 350 audits that represent at least 15% of the FTSE 350 total audit fees, all other firms being deemed “Challenger” firms for the purposes of the White Paper. This proposal is based on the CMA’s conclusions that the provision of multiple services to the same clients had created financial and behavioural incentives that undermined audit independence and professional scepticism.
As such, the proposal is directed at improving audit quality rather than competition and choice (see Section 10 for further consideration of ARGA’s objectives), and the White Paper indicates that the intention is to extend operational separation in time to other firms auditing FTSE 350 companies. It is unclear whether the Government intends to monitor the success of operational separation before deciding whether to extend its scope to other firms.
It might be thought that the 15% threshold is a somewhat stark dividing line, and that the proposal could benefit from some phasing in a range around that threshold.
One of the proposals made by the Government involves the regulation of audit partners’ remuneration structures in order to align financial incentives with audit quality, using the firms’ new independent Audit Boards which are to provide independent oversight of the firm’s audit practice, its strategy for improving and monitoring audit quality and culture, remuneration policies and the approval of a CEO of Audit. The Government suggests that the regulator will work with the firms and the new Audit Boards to set principles for the standards of quality and the metrics and methods to be used in measuring and appraising audit quality, in the context of setting audit partner remuneration.
This raises a number of questions about the consistency and reliability of audit quality reviews themselves. Ultimately, audit quality reviews involve an element of judgement based on limited procedures, and as such are prone to error like other similar kinds of review. The robustness of FRC’s own Audit Quality Reviews (“AQR”) has been open to question where an AQR review has missed issues which have subsequently been identified in Enforcement after the collapse of the audited entity; conversely, the opportunity for further analysis in constructive engagement or Enforcement has sometimes resulted in earlier AQR conclusions being undermined.
The metrics and approach used for measuring audit quality for the purposes of auditor remuneration are likely to prove controversial for those and other reasons. Individual auditors will now be rewarded as well as sanctioned by reference to the quality of what is essentially a team effort, rather than personal effort. Will AQR results be taken into account, notwithstanding the firm’s internal views as to whether the AQR findings were correct? What allowance, for example, is to be made for audits that are higher risk or more complex? Should the audit partner be penalised for quality issues that could not reasonably have been identified from partner supervision and review? Finding an approach that genuinely incentivises audit quality and does not disincentivise auditors already facing the risk of higher sanctions (and potentially repel new entrants to the profession) will be a difficult balance.
The Government intends to create powers for ARGA to require full structural separation in future, subject to consultation and after considering evidence of the efficacy of the current proposed reforms. Given the magnitude and significance of any such compulsory full separation, not to say the host of issues as to exactly how that might be done in practice and the concerns that have been voiced about its implications, it seems to us that specific details of when and how enforced structural separation would be imposed ought to be a matter for primary legislation rather than being left to be dealt with under a reserve power for ARGA.
The White Paper proposes granting ARGA quite extensive powers in relation to audit firm monitoring.
The proposals build upon the current voluntary firm monitoring arrangement with the seven largest audit firms, through which the FRC can currently ask for details of a firm’s insurance arrangements amongst other things. However, the proposed powers would require all PIE audit firms to provide information about their ongoing financial viability, including in relation to their performance, risk management, internal controls, financial resources (including capital reserves), budgets and insurance arrangements. The Government emphasises the importance of ARGA receiving powers to obtain information from UK audit firms on captive insurance arrangements (including obtaining details of the structure of captive insurers, their reinsurance arrangements and solvency); it is unclear how it is envisaged this information could be obtained by ARGA if the UK firm does not hold or have the right to such information in the first place.
It is important that at the time of enshrining of such arrangements in legislation, the opportunity is taken to delineate the purpose and scope for which this information can be held, to ensure that it is only used for the purpose of assessing the potential risk of financial distress and to prevent, for example, material being used by ARGA in enforcement action unrelated to the viability of firms or being passed through gateways to other regulators, because of the risk that sensitive material of this kind might from there become available to third parties (for example through disclosure of unused material in enforcement actions by ARGA or other regulators against respondents other than the audit firm itself).
The White Paper includes potentially far-reaching proposals regarding the regulatory approach in the event of a large audit firm collapsing (see paragraphs 8.3.21 – 24). In summary, the Government rejects the CMA’s proposal of intervention by the regulator in the event of collapse, favouring instead the triggering of the proposed powers to impose a market share cap to prevent further concentration of the statutory audit market. Whilst not as significant a reserve power as full structural separation, this again seems to us to be of such potentially far-reaching significance that at least the parameters and broad outline of how the power might be exercised ought to be properly scoped in primary legislation.