What does good audit practice look like? A thematic analysis of the FRC’s Annual Audit Quality Inspection Results 2020/21

Just a couple of weeks after the BEIS’ white paper consultation on audit and corporate governance reform closed for responses, the Financial Reporting Council (FRC) has published its annual audit quality inspection results for 2020/21 of Britain’s 7 largest audit firms (the ‘AQR results’).

The results follow the FRC’s review of 103 audits carried out by the 7 largest accountancy firms: BDO, Deloitte, EY, Grant Thornton, KPMG, Mazars, and PwC. While the results show a year-on-year improvement in the scores of some of these firms, almost a third (29%) of all the audits reviewed are reported to have failed the FRC’s quality test and demonstrate a need for improvement or significant improvement. This is marginally lower than the previous year, when the FRC reported that 33% of audits it reviewed for 2019/20 required improvement or significant improvement.

Earlier this month, the FRC published its latest Key Facts and Trends in the Accountancy Profession and found a significant increase in the number of FTSE 250 audits being carried out by challenger firms outside the Big Four. This upward trend is a positive indicator which aligns with the Government’s intention underpinning the BEIS’ white paper on audit reform, to dilute the market dominance of the Big Four firms. However, given this growth, the FRC increased the sample of audits it selected for review this year from challenger firms.

Increased regulatory scrutiny by the FRC over mid-tier firms as they develop more of the audit market share was cited as a concern by the majority of mid-sized accounting firm leaders during our research earlier this year. The critical need for these firms to understand what good regulatory practice looks like initiated our analysis set out below.

We have carried out a thematic analysis across the FRC’s annual inspection reports on the 7 largest accountancy firms for 2020/21, to identify key themes of good practice observed by the FRC during this year’s annual inspection, in relation to individual audits and firm-wide procedures. We hope our analysis will serve as a useful guide to auditors and firms, particularly mid-tier firms, with helpful tips on what their oversight regulator will be considering if and when the firm’s AQR takes place.

What does good practice look like?

INDIVIDUAL AUDITS

We identified 5 key themes of good practice drawn from the FRC’s review of individual audits at the firms inspected.

Effective oversight
As would be expected, good practice comprises group audit oversight evidenced by component teams having clear direction, supervision and review of work done. Particular references were made to effective oversight of overseas component teams. Evidence of high levels of interaction in respect of risk areas and a robust review of working papers was commended. Good practice in one firm was identified to comprise the group audit team organising a three-day conference to brief partners and managers from all component teams on the group audit approach, which, although not appropriate for every audit, demonstrates a strong commitment to audit quality in relation to companies with a number of subsidiaries. Other particular mentions of good practice relating to oversight comprised a ‘high degree’ of group audit team involvement, effective planning and risk assessment.

Evidence of challenge
Audits which evidenced the audit team challenging management in areas of key judgement were identified as demonstrating good practice, as was clear evidence of challenging work performed by component auditors. This emphasises the need for effective recording of key decisions in the audit file; a practice which should be evident from all members of the audit team.

Robust procedures
Evidence of robust procedures was regarded across many of the firms as being indicative of good individual audit practice. Two firms were commended for their procedures in delaying the sign-off and issue of audit reports until appropriate evidence was obtained and evaluated by the audit team. Another was observed to employ enhanced acceptance and continuance procedures using a system which gave advanced notice to entities where the auditor had significant concerns which could impact on its ability to continue to act. The procedure also involved communicating concerns to the entity’s management and Audit Committee, requesting specific action and improvement, and if the firm resigned as auditors, this information was shared with the incoming auditor and disclosed publicly within the firm’s statement of circumstance. This was viewed positively by the FRC in improving overall transparency.

Many of the firms reviewed evidenced good practice by having robust procedures in place to respond to increased risks relating to going concern, particularly arising during Covid-19. This commonly comprised a requirement for auditors to consult internal technical panels on high-risk audits and evaluate and challenge aspects of going concern assumptions and forecasts. Good practice was identified in one firm to comprise demonstrating enhanced professional scepticism by developing and employing a ‘traffic light system’ to assist auditors’ evaluation of key assumptions used in an entity’s going concern assessment.

Use of data analytic techniques
Good practice was also highlighted in firms which employed data analytic techniques; for example, one firm was observed to perform data analytics on revenue and journals to enable a targeted audit response to risks identified in these areas. The use of similar tools to audit revenue and to gain a more detailed understanding of the audited entity’s systems and processes was similarly highlighted, and such practice commended.

Consulting internal specialists
Proactive involvement of internal experts and specialists was also identified as good practice by the FRC in relation to several audits it reviewed. This comprised specialist consultation on issues such as IT controls, pension liabilities, valuation calculations over purchase price allocation on acquisition, and drawing on actuarial expertise in the audit of insurance contract liabilities. One firm was further observed to provide detailed and clear evidence of how matters were resolved following consultation with internal specialists, and this was positively viewed by the FRC.

FIRM-WIDE PROCEDURES

As part of its annual inspection, and in addition to reviewing individual audit files, the FRC reviews firm-wide procedures based on areas set out in the International Standard on Quality Control (UK) 1 (ISQC1). This year, the FRC focused on reviewing 3 areas of firm-wide procedures: Audit quality initiatives, Root Cause Analysis (RCA) processes, and audit methodology and training. Its particular focus on these areas is underpinned by the FRC’s supervision team taking a more pro-active and forward-looking interest in firms’ audit quality plans (AQRs), RCAs, quality control procedures and audit quality indicators, as well as its increased focus on how firms are responding to recurring findings.

We identified several themes of good practice relating to each of the 3 areas, highlighted by the FRC in its review. These themes are set out  below.

Concluding remarks

Our thematic analysis of the FRC’s AQR results reveals several examples of good practice identified by the FRC during this year’s assessment of audit quality. While by no means exhaustive, we hope the themes we have presented in this paper offer a useful starting point for firms, particularly those firms whose continued growth in the audit market will mean greater visibility and scrutiny by their oversight regulator.

When carrying out individual audits, the AQR results suggest good practice comprises evidence of effective oversight, challenge, robust procedures, use of data analytic tools and techniques, and consultation with internal experts and specialists on matters of high risk. Taking a broader perspective, when looking at the quality of firm-wide procedures, several themes of good practice are similarly noted to arise, relating to the FRC’s focus on audit quality initiatives, root cause analyses, and audit methodology and training. These include having effective and mandatory training in place; having clear AQPs and a broad scope of, and interrogation of, RCAs; supporting these processes with robust procedures; employing and being able to evidence effective ownership and oversight; having good governance and communication processes in place; ensuring a good audit culture; evidencing opportunities for auditors to challenge management during the audit process; using data analytic tools; and mandating the consultation of internal experts in high-risk audits. 

As set out in the AQR results, a small proportion of files were deemed to require significant improvement. In the event of an audit breach arising, depending upon the level of perceived deficiencies under the FRC’s Audit Enforcement Procedure, this can lead to a process of ‘constructive engagement’. This discretionary process involves an FRC case examiner taking the view that minor and possibly inadvertent breaches carry minimal harm (financial or otherwise) to investors, the market, or public confidence in the statutory audit process. Constructive engagement can happen in a variety of ways, such as written advice, warning letters, or discussion with the FRC. In some cases, however, where the deficiencies are deemed to be more significant or wide-reaching, the FRC may take enforcement action with potentially severe outcomes for the firm or auditor involved. Where the FRC decides to take a firm approach, this might involve intensive and costly investigation.

While we have seen a greater focus by the regulator on trying to resolve issues by way of constructive engagement – the FRC Enforcement Review 2020 reported a 58% increase in early resolution of concerns via this route – the package of reforms proposed by the Government will likely lead to the new oversight regulator, ARGA, having significantly increased remit and power over firms it regulates. The publication of the latest AQR results therefore presents an opportune time for firms to consider what good audit practice looks like, and to develop a clear strategy for the implementation of effective audit procedures, governance and culture, in order to evidence good practice.

FURTHER INFORMATION

If you have any questions or concerns about the content covered in this blog, please contact a member of the Regulatory team.

ABOUT THE AUTHORS

Julie Matheson is a partner in the Regulatory Team. Her expertise lies in advising professionals and professional services firms, particularly in the accountancy and built environment sector, on regulatory compliance, investigations and enforcement proceedings.

Lucinda Soon is a professional support lawyer in the Regulatory team, and is responsible for knowledge management and practice development. 
Her work focuses on leveraging the team’s collective knowledge and expertise, ensuring that know-how and current and emerging regulatory developments are identified, evaluated, synthesised, and shared. She is particularly experienced in the adoption of technology to aid the delivery of these outcomes.