Menu Search through site content What are you looking for?
Menu

White Paper Bulletin 7 – supervision of audit quality and additional changes in the regulator’s responsibilities (Chapters 9 and 11 of the White Paper)

  • 24 May 2021 24 May 2021

In this, our seventh article in our series on the Government’s White Paper ‘Restoring trust in audit and corporate governance’, Clyde & Co Accountants’ Liability and Regulatory team examines the Government’s proposals for supervision of audit quality and additional changes in the regulator’s responsibilities, set out in Chapters 9 and 11 of the White Paper: the tools to be provided to the new regulator as part of the exercise to strengthen it.

Please see our sixth article on Chapter 10 of the White Paper, which examines the Government’s proposals to strengthen the regulator by legislation.

Taken together, Chapters 9, 10 and 11 suggest a formidable consolidation of power in the new regulator, the Audit, Reporting and Governance Authority (“ARGA”): a significantly extended scope, underpinned by statute, to: enable the regulator to control entry to the UK statutory audit market; make public the results of its audit monitoring in individual cases (without the consent of audited entity or auditor); actively intervene in cases of serious concern before a public interest entity (“PIE”) reports; impose a skilled person review on PIEs; cement its oversight of the Chartered professional bodies; and take enforcement action against Chartered professional body members in relation to breaches in public interest cases regardless of whether those members are engaged by a PIE.

As noted in our sixth article, these proposals come condensed, almost hotch-potch, at the end of the White Paper. However, in tandem with the proposed introduction of a statutory enforcement regime for company directors, they indicate the remarkable depth and breadth of authority which it is proposed should be vested in the new regulator. Specifically, they emphasise that the regulator’s muscle is to be flexed in anticipation of crisis rather than predominantly in response.

Chapter 9 – Supervision of audit quality

Four tools are proposed to strengthen ARGA’s supervision of audit quality: audit firm and individual auditor approval, publication of Audit Quality Reviews, a limited override of legal professional privilege, and access to overseas component working papers. We have separately addressed the question of legal professional privilege in Bulletin 2, and take the remainder in turn below.

Approval of statutory auditors of PIEs

ARGA, rather than the Recognised Supervisory Bodies (“RSBs”), is to have responsibility for approval of firms and individuals as statutory auditors of PIE entities on the stated bases that: (1) the RSBs do not, under current arrangements, have sufficient power to address systemic quality issues; and (2) an important cause of poor quality audits is weak performance by the lead auditor. The White Paper does not suggest any empirical evidence to support these contentions. There is an implication, nonetheless, that approval, oversight and enforcement should all sensibly be undertaken by the same body. Notable in this section of the White Paper is the expressed intention to revoke the current direction requiring the FRC to delegate these eligibility, approval and “other tasks” (paragraph 9.1.10) (which are not specified) to the RSBs other than in certain circumstances, and that the exceptions will be a matter for the regulator to decide. It seems that authority over statutory PIE audit firms and individuals, right from entry to the PIE audit market onwards, is to shift and concentrate exclusively in the regulator. Proposals on how this function will be carried out have not yet been developed.

The White Paper proposes that the RSBs would continue to carry out the task of determining whether individuals and firms are eligible to be appointed as statutory auditors of non-PIEs (paragraph 9.1.6).

Publication of Audit Quality Reviews

To “ensure higher levels of transparency as to the performance of PIE auditors” (paragraph 9.2.8 of the White Paper), (and, undoubtedly, to sharpen the monitoring of audit quality), reform focuses on the proposal to publish individual Audit Quality Reviews (“AQRs”), without ARGA requiring the consent of either the audit firm or the audited entity, and it being a matter for ARGA’s judgement as to whether to publish the reports in full or in summary. The White Paper states that the Government will put in place safeguards for the protection of sensitive information about audited entities. It recognises the limited practical use of both thematic reviews (which, it is stated, ARGA will continue to publish) and redacted/anonymised individual reports, but states that such anodyne reports are likely to be of limited use to investors. Once again, the rule-making in this potentially very sensitive area is to be left to ARGA.

Publication will undoubtedly excite vigorous consideration of what information may be published, and the adequacy of any safeguards suggested by ARGA. An obvious candidate for consideration will be privileged material (as to which see Bulletin 2), but there are additional categories of material to be concerned about:

  • price-sensitive information e.g. missed signals on going concern or other viability issues;
  • other commercially sensitive information e.g. judgements and estimates in relation to intellectual property, terms of business acquisitions and commercial arrangements with suppliers and customers; and
  • personal data e.g. data which may identify individual directors or auditors.

Each case of possible publication will require very careful consideration of whether:

  • there are compelling commercial or principled grounds to redact the above or other sensitive categories of material;
  • whether such redaction as is then adjudged necessary may, in fact, render the AQR insufficiently informative in the context of improving audit quality in the relevant technical context (as opposed merely to applauding or naming and shaming the auditor generally). By extension, publication of a summary of the AQR may not provide sufficient balance or context to justify the conclusions reached for an un-informed reader;
  • whether it is realistic to expect to publish a report on a PIE which identifies the auditor but not the audited entity, without the identity of the entity becoming readily discernible; that may be particularly sensitive in the case of publication of a negative AQR where no criticism of the entity is merited in the audit context.

Over-arching risk considerations by auditors may include the following:

  • the possibility that published, negative AQRs may stimulate claims by companies against auditors, or encourage stakeholders to bring claims against companies followed by onward claims against auditors. Specifically, to the extent that the auditor’s response to the AQR findings may be  included in the final form AQR, and it is to be presumed that that may be published also, if it contains concessions by the auditor as to deficiency in audit work (even if just expressed as intentions to improve), that may only sharpen potential appetite for claims against auditors;
  • the naming or other identification of the auditor and members of the audit team, with the consequent personal strain that that might entail and the possible deterrent effect for entrants into the profession;
  • whether concern by companies about publication of reports (with a consequential loss of confidentiality in their operations, and the attendant risk of damage to share price, claims or aggressive inroads by investors) may make those responsible for providing information, including individual directors, less forthcoming with their auditors.

At a high level, the regulator will have an array of apparently compelling responses to these considerations: good quality audit work will not result in a negative AQR for publication; celebrating (even partially) good quality audit work by publication of a positive AQR is effective to promote audit quality and competition; and the prospect of publication should be an indirect, positive prompt to companies and auditors, both individually and collectively. In addition, arguably, the identity of the audited entity (if discernible) is important information for investors and other stakeholders who may wish to query the financial statements, the quality of the audit, and whether the Audit Committee has properly been discharging its function.

However, the reality is that the AQR process is intended to afford a candid and constructive interaction between regulator and auditor with a view to improving audit quality. Even where all parties are genuinely committed to improving audit quality, human nature being what it is, the prospect of publication (to whatever extent anonymised or redacted) is likely to create a less co-operative attitude on the part of the auditor in the AQR process and, consequently, possibly a less forgiving attitude on the part of the regulator.

While consent to publication from audited entity or auditor is not required under the proposals, presumably ARGA would provide sufficient notice (and reasoning) to enable any affected party both to debate publication with ARGA, including perhaps whether a summary or the full report is published and if the former, the content of that summary, and to challenge a decision to publish. Already, discussions between audit firms and the regulator as to the final content of AQR reports can be very protracted. If the only route to challenge the regulator’s decision to publish lies in judicial review, threshhold applications for which take many months, realistically timetable alone prohibits that avenue. It seems unlikely that any party may have a remedy in defamation, on the likely basis that publication may attract qualified privilege. Absent any realistic means (beyond direct debate with ARGA) to challenge the content of an AQR or ARGA’s decision to publish it/some form of it, will the audited entity or auditor have any meaningful, public right of reply at any point? Certainly, in that context, an auditor is likely to be hobbled by his duties in confidence to his audit client.

Overseas component working papers

ARGA will have powers to require a UK group auditor to provide it with access to overseas component working papers. This will replace reliance on the current Recognised Supervisory Body rules requiring a UK audit firm to make arrangements for non-EEA component working papers to be available, upon request, for the regulator’s inspection of the UK audit firm’s work. The Government says that it is not appropriate for ARGA to rely on other bodies’ rules in order to carry out its regulatory functions effectively. Paragraph 9.3.4 of the White Paper states that “In addition to future-proofing, a direct power for the regulator will provide clarity on the third country component working papers in scope following the end of the Transition Period.” Thus, the full scope of susceptible material remains to be seen, together with any indication of what the regulator will regard as reasonable steps to be taken by auditors to achieve access for the regulator’s benefit. Certainly, even now, the FRC acknowledges that there may be some countries where access cannot readily be achieved as a result of legal or other constraints on disclosure outside the territory in question e.g. China, and the Public Company Accounting Oversight Board  (“PCAOB”) in the US has extensively attested to difficulties in that same regard.

The Government appears to reject for the time being an international reach (such as that enjoyed by the PCAOB). It appears content that ARGA should be confined to enforcement action against the UK group auditor, where it has concerns about the UK group auditor’s engagement with the overseas component auditors, or identifies a potential breach by the UK group auditor of a relevant audit requirement, and to consider that ARGA would have sufficient powers in this regard. It adds that ARGA can continue to refer overseas component audit work to the relevant overseas regulators, where “permissible and applicable” (paragraph 9.3.7).

Chapter 11 Additional changes in the regulator’s responsibilities

Labelling the proposed reforms addressed in Chapter 11 as “additional changes” is significantly to downplay their potential scope and impact. In this last chapter of the White Paper, the Government has crammed in a number of potentially far-reaching reforms for the oversight and regulation of accountants and auditors working in the private sector, with very little articulation of how they might work in practice.

Additionally, Chapter 11 confirms that ARGA is to have oversight and regulation of the actuarial profession, and that the Government will address separately oversight of local authority audit, and the supervision of the Auditors General. It also confirms that the Government will consider whether further powers are needed to assess and promote compliance with the Stewardship Code, following the outcome of a review to be commenced in 2023.  These matters all lie outside the scope of this bulletin.

Oversight of the chartered professional bodies

Legislation will re-inforce ARGA’s oversight of the Chartered professional accountancy bodies (across all their regulatory functions including: training and qualifications, licensing, practice assurance, complaint handling, disciplinary procedures and governance arrangements), compelling those bodies’ co-operation, and enabling ARGA to force them to take action in appropriate cases. There is a strong element of intended horizon-scanning in the policy here: to identify emerging risk and public interest issues within the operations of those bodies.

The Chartered bodies are selected on the basis that they are said to encompass members of whom the highest standards are expected and where failures are likely to have the biggest economic impact. Accountant members of those bodies will become susceptible to direct enforcement action by ARGA (similar to that exercisable in relation to statutory auditors). However, outwith the grip of ARGA, will remain the non-Chartered professional bodies and their members, who may still play important roles in providing accountancy and other services in PIEs’ financial and corporate reporting activities. Does this create a separate and category of practitioners untouchable by ARGA? The White Paper anticipates a possible “gap” in this context by indicating that it will keep its powers under review and retain flexibility to extend the arrangements, so that no significant enforcement gap develops in the future (paragraph 11.1.43).

As it is, a standardised Code of Ethics is proposed across all the Chartered bodies’ members as the basis for enforcement by ARGA, to apply to breaches in public interest cases regardless of whether the individual or firm is engaged by a public interest entity (paragraph 11.1.52). This appears intended to homogenize not only the calibration of the public interest but also the enforcement function of protecting that interest across the whole body of Chartered professional body membership. This appears to emphasise that the guardianship of the public interest in the context of the accountancy profession is being consolidated in a single regulator, ARGA.

Proactivity in relation to matters of serious concern

Much of the White Paper is focused on empowering the regulator to hold others to account. Undoubtedly, the powers to be ascribed in cases of serious concern are potentially formidable but, perhaps more than anywhere else in the proposed reforms, they impose a very real burden of accountability on ARGA itself – to anticipate crisis, and in this regard ARGA’s sights will be set on companies rather than auditors.

Within this context, the Government is keen to ensure that it does not effectively relieve the shareholders of their fundamental obligations to ensure appropriate governance. Nevertheless, it accepts that in the areas of corporate reporting and audit, where the regulator already has enforcement powers, there is room for an improved regulatory toolkit to address serious concerns.

PIE auditors already have a duty to raise viability or other serious concerns during the course of an audit. The Government merely asks an open question as to whether the scope of reportable subject matter should be greater, and whether PIE auditors should receive statutory protection from breach of duty claims (presumably the Government means breach of confidence claims) when making relevant disclosures (paragraphs 11.4.10 to 11.4.12) .

However, implicit in what follows, may be a tacit acceptance that these duties on PIE auditors have not proved to be sufficient, and that the regulator must take a more pro-active role, focusing directly on the audited entity.

Beyond the constant desirability of the regulator using market intelligence to scan the horizon, speedy information gathering and investigative powers in specific cases are the order of the day here.

First, ARGA will have power to require rapid explanations from PIEs about concerns it has identified relating to a PIE’s “compliance with its corporate reporting or audit obligations” (paragraph 11.4.21). The scope of this power may potentially be extremely broad but the brevity of its articulation in the White Paper renders that unclear. How solid must a “concern” be – suspicion or something more? What quality and source of information (if not the auditor) would justify enquiry?

There is no guide as how fast “rapid” is: days, weeks, or to be measured by a key imminent action e.g. filing of accounts, publication of results. Logic suggests that timescale will depend upon the context of each enquiry and that if the timeframe is too short, explanations will be caveated by the need for further investigation or to obtain additional information. Nor is it indicated against whom the power is to be enforced - the company or specific officers, and the sanction for non-compliance. In the latter case, an officer may well not be able to provide the explanation from their own knowledge. Should he/she indicate why they do not know it, and from whom it might be provided? This will immediately highlight the adequacy of governance and responsibility arrangements within a company. What if the answer requires input from a third party: on what basis might that party’s input be sought, what explanation is to be given to them as to the likely application of their input (and what protection might they have), and what opportunity might they have to engage with ARGA directly?

Second, ARGA should have power to require an expert “skilled person” review, and to publish a summary of it if that is in the public interest, where it has identified concerns relating to a PIE’s compliance with its corporate reporting or audit requirements (this is expected to be “exceptional” so as to balance giving stakeholders appropriate information about the findings against disclosing commercially sensitive information) (paragraphs 11.4.25 and 11.4.34). Whether it is proposed that the power should mirror closely that of the Financial Conduct Authority (“FCA”) (s.166 of the Financial Services and Markets Act 2000 is not expressly addressed, although the White Paper makes a couple of nods in the direction of the FCA’s and Prudential Regulation Authority’s similar powers (paragraphs 11.4.27 – 28, and 11.4.32).

It is likely that responses to ARGA’s requests for rapid explanations will stimulate the exercise of the power. We are told that significant discretion is to be afforded to ARGA as to whether it is appropriate to commission an expert review. Necessary follow-up actions, which would generally be regarded as properly the obligation of the company may, nevertheless, be imposed by the regulator, and may include ordering the company to make changes to its accounts, or civil enforcement against the directors (paragraph 11.4.36).

Once again, the brevity of the proposal in the White Paper means a lack of clarity at this stage. Significant questions loom as to:

  • the applicable criteria for exercise of the power;
  • the assessment of proportionality in terms of time, cost and resource burdens on the company;
  • how the appropriate “skilled person” will be selected;
  • the scope and timetable of such review in any given case;
  • the level of oversight and access ARGA will have during the course of the skilled person’s work and investigations; and
  • the intrusion it may make into the audit process.

The existence and progress of such a review will undoubtedly impact on audit planning and function generally.

Whistleblowing

The Government acknowledges the interest in reforms to the whistleblowing framework and it is stated that a review will be conducted in due course. However, the Government is concerned that the Brydon Review’s recommendation of protection for workers who make whistleblowing disclosures to auditors could lead to issues being raised beyond the audit scope, thus placing an unnecessary burden on auditors. The recommendation that whistleblowing protections should be extended to anyone with a direct economic relationship to the audited entity is also not adopted, due to the fact that this would constitute a substantial change to the existing whistleblowing framework.

Conclusion

Chapters 9, 10 and 11 present us with ARGA’s mission, and trail the sorts of tools it may be given to achieve it. Execution, by rule-making and operation, however, appear to remain a matter for ARGA.  Only when we see the rules, will we understand the intended nature and extent of the regulator’s re-invigoration. And only when the rules are enforced, will we know the regulator’s strength.

End

Stay up to date with Clyde & Co

Sign up to receive email updates straight to your inbox!