UK Accountancy Profession Responds to Brydon Report
UK commentators have been digesting the recommendations of Sir Donald Brydon's Report of the Independent Review into the Quality and Effectiveness of the Statutory Audit released 18 Dec 2019.
At a time when financial information is everywhere and there is no obligation on internet users to be truthful, it matters even more that shareholders, amongst others, can trust what company directors are communicating. This is especially important because it is widely acknowledged that the cost of capital lowers the greater the confidence in the entities seeking capital. The statutory audit largely informs the basis of that confidence.
The statutory audit report is legally required to be prepared for the company’s shareholders. However, by providing independent professional insight into financial position, it is clearly of great relevance to stakeholders beyond company shareholders who depend on the company’s ongoing viability. Brydon puts forward that more can be done to reflect these wider interests.
None of the commentators disagreed with Sir Donald’s conclusion that audit needs to be transformed into a service that meets the expectations of UK stakeholders.
ICAEW chief executive Michael Izza described the proposals as bold and game-changing for the accountancy profession: “We agree that audit urgently needs to keep pace with the needs, not just of investors, but of wider stakeholders in society, and we are long-standing advocates of proportionate and practical change to restore public trust”.
He welcomed Sir Donald’s recommendations for making the whole board of directors accountable and called for the government to bring forward legislation to establish the new, more powerful regulator—the Audit, Reporting and Governance Authority (ARGA)—“at the first opportunity”.
Expectation gaps and the need for change
Audit today is fundamentally restricted to assuring the material accuracy of the statutory financial statements and, even with this restricted scope, is only partially meeting even that objective. At the same time, Sir Donald remarks that there is widespread confusion between the terms assurance, audit and statutory audit.
Today, in the UK, audit as a concept is largely defined through a collection of prescriptive standards under which the statutory audit of financial statements is carried out. Nonetheless, as one respondent said, “transparent, informative and accurate financial reporting is a critical component of well-functioning public markets.” This comment goes beyond the confines of adherence to standards and encapsulates a widespread hunger for information.
Brydon suggests there needs to be a fundamental shift in definition and approach to ensure that all appropriate opportunities are taken for the auditor to inform as well as to confirm and verify. This will mean going beyond the information contained in the statements of the directors.
In short, audit is not broken, but it has lost its way, and all the actors in the audit process bear some measure of responsibility.
His recommendations to improve audit encompass:
- A redefinition of audit and its purpose
- The creation of a corporate auditing profession governed by principles
- The introduction of suspicion into the qualities of auditing
- The extension of the concept of auditing to areas beyond financial statements
- Mechanisms to encourage greater engagement of shareholders with audit and auditors
- A change to the language of the opinion given by auditors
- The introduction of a corporate Audit and Assurance Policy, a Resilience Statement and a Public Interest Statement
- Suggestions to inform the work of Business, Energy and Industrial Strategy (BEIS) on internal controls and to improve clarity on capital maintenance
- Greater clarity around the role of the audit committee
- A package of measures around fraud detection and prevention
- Improved auditor communication and transparency
- Obligations to acknowledge external signals of concern
- Extension of audit to new areas, including Alternative Performance Measures
- The increased use of technology
New definition of audit
Auditing, Brydon suggests, is too important to be left to an adjunct of another profession. It should be an independent profession in its own right, with its own governing principles, qualifications and standards. At present, it is an extension of the accounting profession, whose ethics and (arguably) mindset it largely adopts.
He recommends the new definition and scope of the audit is as follows: “The purpose of an audit is to help establish and maintain deserved confidence in a company, in its directors and in the information for which they have responsibility to report, including the financial statements.”
Expanded role of the auditor
Brydon's report highlights the growing challenge in using "true and fair" as a descriptor of financial reporting, especially given that corporate accounting increasingly involves the use of estimates and judgements. Together, with the fact that the audit intends to provide assurance that the company accounts are free of material misstatements, it is difficult to see how either directors or the auditor can communicate effectively that modern company accounts are true in accordance with any reasonable person’s understanding of the word. This is just one contribution to the so-called expectations gap.
He recommends auditors go beyond their current statutory scope to act in the public interest and regard the interests of the users of their report beyond solely those of statutory shareholders.
He considers that a key part of the education necessary to be a successful auditor is to be found in the current training afforded to forensic accountants. The psychology of suspicion that accompanies forensic accounting should be more widely taught, equipping auditors with the ability to choose between skepticism and suspicion in different circumstances.
Increased directors' responsibilities
During an audit engagement, it is important not just that the auditor behaves according to a set of professional principles but that the corporate executives with whom they interact also understand the role, purpose and operation of an audit. He remarks that he encountered examples of executives in companies having impatience with the auditor’s team and being prone to demand turnaround times that were incompatible with the principles that the auditor should be following.
To the extent that those in companies who interact with auditors in this way have a form of accountancy qualification, he recommends that the accountancy bodies incorporate education in auditing to ensure a better understanding of the responsibilities of the company executive and the auditor, including non-accountants within companies who deal extensively with the auditor, including non-executive directors.
He puts forward that directors should have a legal obligation to state that the financial accounts they present each year have been fairly presented in all material respects, and the auditor should have a corresponding duty to assess whether this is the case (in addition to fulfilling their continuing duties to assess whether the accounts have been properly prepared in accordance with standards and whether they have been prepared in accordance with the law).
The directors should publish a Resilience Statement that would incorporate a going concern opinion for the short term, a statement of resilience in the medium term and a consideration of the risks to resilience in the long term.
Directors are currently required to report annually how they have met their obligations under section 172 of the Companies Act. He recommends that the audit report should include a new section in which the auditor states whether the director’s section 172 statement is based on observed reality, on the basis of the auditor’s knowledge of the company and its processes.
Employees are often well placed to provide insights or highlight concerns that should usefully be considered as part of the audit planning process or during the audit itself. He recommends that directors actively seek the views of employees regarding the scope of any audit activity and report back to them how their views have been taken into account. He also suggests whistleblowing protection to the extent that the statutory auditor be added to the list of ‘prescribed persons’ under the Public Interest Disclosure Act.
Detection and prevention of fraud
The Brydon report includes a package of recommendations aimed at raising the prominence and transparency of fraud prevention and detection by both directors and auditors. These include:
A new reporting duty on directors to set out the actions they have taken each year to prevent and detect material fraud
A corresponding new duty on the auditor to state in their report how they have assured the directors’ statement on material fraud
What additional steps they have taken to assess the effectiveness of the relevant controls and to detect any such fraud
This challenges the perception that auditors have no obligation to detect fraud. He recommends that auditors be required to undergo initial and ongoing periodic training in forensic accounting and fraud awareness.
Introducing a UK version of SOX compliance
Brydon also calls for the CEO and CFO to provide an annual attestation to the board of directors as to the effectiveness of the company’s internal controls over financial reporting (ICFR) and that this attestation be guided by new principles on internal controls reporting to be developed by the Audit Committee Chairs Independent Forum and endorsed by ARGA. This would introduce SOX-style controls to the UK audit function. He further recommends that companies be required to disclose when any material failure of their internal controls has taken place. A disclosed failure would lead to the CEO/CFO attestation being subject to audit for the following three reporting years.
Increased importance of technology
The role of technology in audit, he argues, whilst increasing in scope is nonetheless somewhat limited to transactional sampling and he questions the appetite of companies to provide 100 per cent of their financial data for inspection, rather than the current practice of statistical sampling.
Data is increasingly available in digitally usable form, a trend that will only continue. However, ARGA may wish to consider stimulating the development of a standard method of data extraction similar to that developed by the US AICPA covering both structured and unstructured data. This area is not without controversy, however, as some firms are developing their own proprietary platforms, whilst other participants outside the audit sector are funding work to create a common data model that could be applied to many areas of professional services, not just audit.
Whilst some matters may be the subject of fierce competition between audit firms, he is persuaded that a profession-wide framework is also necessary.
Beyond the statutory audit
In the world of audit beyond today’s statutory audit, a similar process for setting scope should be followed.
The breadth of the discretionary audit scope would be proposed by the audit committee in the same way. Now, at the same time, it would be open to the audit committee to indicate its intention that CO2 emissions or published oil reserves, for example, are to be subjected to an audit process.
This will become of increasing importance as carbon constraints are introduced in response to climate challenges, and, given the additional reporting requirements that may arise in response to the Task Force on Climate-Related Financial Independent Review into the Quality and Effectiveness of Audit Disclosures (TCFD), it is likely that greater weight will be placed on such disclosures in the future.
As with the auditing of the financial statements, it would be made clear who would carry out the relevant work. Such auditors would, of course, be authorised to do so within the new auditing structure, but to be clear, they need not be the currently authorised auditors.
Connected reporting and compliance in the future of audit
The Brydon report is bold and broad-reaching. It addresses both the limitations of current audit and the changing regulatory theories, doctrines and practices ("orthodoxies") that Christopher Woolard of the Financial Conduct Authority (FCA) addressed in his keynote on 21 Oct 2019.
What is clear is that the new orthodoxies also require a new approach—and that includes the enhanced collaboration, trust and confidence that connected reporting and compliance solutions brings to the auditor's toolkit.
To see how you can increase the trust and transparency in your statutory audits, request a demonstration of the Workiva connected reporting platform.
About the Author
Conor has over 20 years of experience as a senior finance executive for multinational corporations. He is a fellow of the Institute of Chartered Accountants in Ireland (FCA). He was also a Member of Council at the Institute of Chartered Accountants in Ireland from 2002–2005.