Find below the plain text version of Stephen Haddrill's speech at the PCAOB's International Auditor Regulatory Institute on 19 November 2013 in Washington DC.
To download the formatted version, click here
I am delighted to have this opportunity today to talk about the work of the UK Financial Reporting Council.
First let me explain a little about the FRC. We are the UK’s accounting, auditing and actuarial standard setter. We are also responsible for monitoring the quality of accounting of public interest entities and the quality of auditing. We have powers to sanction poor work or misconduct. Last but not least we set the UK Corporate Governance and Stewardship Codes.
In consequence we are able to ensure that our standards build on our experience of monitoring. Crucially we are also able to combine our work on governance particularly on audit committees, with our regulation of auditors to enhance the quality of audit.
That’s what we do. How we do it.
First we are wholly committed to serving the needs of investors. Our mission is to promote high quality corporate governance and reporting to foster investment.
Second our primary objective in relation to audit is to promote quality. We pay attention to other matters such as the degree of competition in the audit market in the UK but only to the extent that is consistent with reinforcing quality.
Third, we place a high degree of confidence in the power of transparency to enhance quality. We seek open disclosure of the work of audit committees and we are extending the requirements of auditor reporting. We also believe that open reporting of our inspection results is a powerful driver of audit quality.
Now let me turn to our recent work. The stimulus for change in our area as in so many was the financial crisis. No surprise there. In the immediate aftermath of the crisis we did not find that poor auditing was a cause of the meltdown of the banking sector. However, we did become convinced that auditors should have done more to sound a warning about the level of risk being taken on by the banks. Investors were entitled to expect that auditors, boards and regulators would work better together to identify, assess, mitigate and report on risk.
So what have we done? Well quite a bit to improve corporate reporting. Partly to ensure investors are better informed but also because we believe that good reporting drives good behaviour.
Our first step was to introduce a requirement for boards to produce reports and accounts that are as a whole ‘fair, balanced and understandable’.
This change will strengthen the relevance of every part of the document. But we also wanted to eradicate any belief that part of the report could be used to promote the business rather than tell the complete truth. The initial response showed us that for some directors reporting was not driving good behaviour but was part of a legal dance.
Many companies asked about what the words mean – but we won’t issue guidance on how to interpret them. The words ‘fair, balanced and understandable’ have a common English meaning and we want people to engage and think about how they will apply this.
Audit committee reporting
We have also sought to improve the reports of the Audit and Risk Committees. From 2013, companies in the UK are expected to include in their annual report information describing the work of the Audit Committee.
Audit committees should now disclose significant issues considered in relation to the financial statements and how they were addressed; how they went about assessing the effectiveness of the audit; and their approach both to appointing the auditor and ensuring auditor independence, for example in relation to any non-audit service the external audit firm provides.
Again, we have largely let audit committees decide how they would present these new disclosures in the report. Our goal is to get them thinking hard, not produces a tick box mentality.
We have also undertaken a Financial Reporting Lab project on reporting by audit committees. The Lab, in its report, set out what investors wanted for Audit Committees:
Demonstrate ownership and accountability by personalising your reporting;
Be specific to your company and to the current year;
Say what you did (not just what you do): depict the specific activities during the year and their purpose, using active, descriptive language;
Disclose judgement calls made for the year, and the sources of assurance and other evidence drawn upon to satisfy yourselves of the appropriateness of the conclusion;
Consider your audience in describing issues and their context, policies, processes, conclusions and their consequences for the company and its reporting; and
Consider where in the annual report information is best included, and avoid repetition.
We have taken steps to enhance risk management and risk reporting.
During the financial crisis and subsequent recessionary environment, much discussion was had about the quality of information that companies provide on their financial health and their ability to withstand stresses in the short to medium-term.
Two weeks ago we published for consultation changes to the UK Corporate Governance Code which aim to raise the bar for risk management by boards and communication to shareholders about the risks faced by their companies and how they are managed or mitigated.
The proposals implement the recommendations of Lord Sharman’s 2012 Inquiry into the corporate governance and reporting lessons to be learnt from the failure of ostensibly healthy businesses in the financial crisis.
We consider risk management to be one of the most important responsibilities of the board. Understanding the principal risks facing the company is essential for the development of strategic objectives, and the ability to seize new opportunities. For investors, as providers of risk capital, knowing how the board is managing and mitigating risks is an important indicator when judging whether the company will be able to deliver the value that they seek.
The draft guidance sets out boards’ responsibilities for setting the company’s risk appetite, ensuring there is an appropriate risk culture throughout the organisation, and assessing and managing the principal risks facing the company, including risks to its solvency and liquidity. As now, boards are charged with summarising how they reviewed the effectiveness of their system of risk management. Following the changes they will also be asked to explain what actions have been taken to remedy any weaknesses identified from that review.
In addition the proposals set out the need for a robust assessment of whether risks give rise to material uncertainties that should be taken into account and reported on in relation to the companies’ going concern basis of accounting. We want to see a new type of going concern assessment of one that is focussed only on the narrow meaning of assessing the going concern basis of accounting, but one that gives a broader integrated assessment and description of solvency and liquidity.
Now let me turn to auditors.
You will have noticed that in the previous reporting changes we have asked the company to report, not the auditor. We believe the entity should report on its work and decisions. The auditor’s role is to give assurance that the company’s report is correct and to report on their own work.
That said, last year the FRC introduced a step change to the way it expects the external auditor to report to shareholders. These revisions were set out in the new ISA 700 that aims to improve the transparency of the audit, complete the circle with the new audit committee report and to respond to the increasing interest of investors in the audit. To us, the audit report should always be worth reading. It is hugely important that investors make the time to pick up the annual report and accounts, and read the view of the independent auditor.
The changes mean that the auditor is now required to explain in more detail the scope of the audit, how they assessed risks of material misstatement and how they applied concepts of materiality. They should pick up on any risks or transactions they have raised during the year that have not been adequately highlighted by the audit committee, and bring it to the attention of the shareholders in their own report. They are also now expected to affirm whether they agree with the board’s assessment that the report accounts are ‘fair, balanced and understandable’.
In practice we do not expect the auditor to have to report a disagreement with the company.
Because the requirement to report empowers the audit in any such dispute.
These changes are applicable for periods commencing after 1 October 2012, but we have seen several examples of companies adopting the new report early. Nick Land, our board member and chair of the FRC’s Audit and Assurance Council spoke recently of his experience as audit committee chair of Vodafone, just one of a number of early adopters of the new audit report.
His experience was that Vodafone’s auditors, Deloitte, had widened the remit of their report, taking steps to disclose in more detail the levels of materiality they worked to, the scope of their audit with descriptions of the experiences of component auditors and a commentary on how they responded to each of the significant risks. The new audit report also encouraged enhanced engagement between the auditor and audit committee, with each communicating to the other more about their risk assessment processes and quality control procedures.
But in the UK context it is difficult to talk about the new style audit reports without also referring to the new style audit committee reports.
Nick spoke about the initial challenges with the new reporting guidelines, in particular the requirement in the audit committee report to describe how the auditors were assessed. From a logistical perspective, the audit committee timetable tended to consider the performance of the auditors in detail at the meeting subsequent to the AC closing meeting. Therefore, the committee weren't geared up to carry out enquires throughout the group about the auditor's performance in time. Rather more importantly, though, Audit Committees are beginning to realise that they know how to assess the quality of service and the lead audit partner but don't know how to assess many aspects of the audit quality itself. In turn, the new auditor reporting guidelines give the auditor the opportunity to display the quality and thoroughness of the work they do.
Nick found that, looking at the examples so far, it appears that the new style Audit Committee and auditor reports fit together well and that the key matters each are expected to consider, are well aligned.
So far the feedback Nick has garnered from Vodafone investors has been overwhelmingly positive based on discussions and I think that really says it all.
The increased transparency, in both audit and Audit Committee reports will help investors, should they want to, ask relevant and pertinent questions of the board as well as help manage the audit expectation gap.
Looking to the audit market then, there have been some key questions posed about the UK statutory audit market.
First - is it competitive enough?
And second - does it drive quality in audit?
The FRC felt that the answer to both of these was no. So we had a simple idea.
We introduced retendering at 10 years.
We didn’t go as far as EU who were proposing rotation at 6 years – we believed this was too short a period.
The Competition Commission, when it reported this year, followed our lead and remained conservative –after all, it didn’t recommend the break-up of any of the big firms.
However, it has supported retendering at 10 years, with a requirement to explain why they haven’t done so sooner.
So how is it going? There has been a huge uptake with HSBC, Lloyds, Land Securities and BG retendering.
The lessons to be learnt:
be clear about what you want from the audit
discuss that with investors at an early stage
don’t focus on price above quality
Auditor – do work out if allowed to bid
But so much for the UK – the big question for us now is where will debate land in EU?
Retendering at 10 years will be in the package. But clearly the European Commission want to go further.
Now let me turn to audit inspection.
We grade each audit engagement we inspect.
The Competition Commission feels that these grades are a powerful driver of quality and potential of stronger competition between firms. Currently we use the grade to inform public reports on each firm. But we do not publish each inspection result.
The Competition Commission has proposed that we do two things:
Increase the number of inspections to produce more certain and comparable assessments of each firm.
Arrange publication of each grade. It proposes the audit committees do this - to overcome the confidential provisions.
This is a powerful proposal. Brings company/ auditor/ FRC and investor interests into close alignment. Until now, companies may not have cared if the audit was weak. But if we adopt this change it will care very deeply because it will have to tell its investors.
So we are very attracted by the proposal and expect our board will want to consult on how to go about it.
Is it first the grade that’s released or also our analysis? Personally I think the latter.
Will we get embroiled in endless dispute with companies as well as auditors? Well that’s our job!
How do we make sure that investors understand what a poor grade means?
All answers gratefully received!
So the proposal carries risk, but there is also risk in continuing with the status quo.
Each year we have continued to see poor work being done by event the largest firms. Overall the quality of audit in the UK is good and the number of inspections resulting in good or acceptable grades is rising. But we are still finding deficiencies, particularly in the financial services sector and the testing of assumptions behind impairments.
Other key areas of concern included:
Further improvements required in respect of group audits (especially letterbox companies)
Testing of loan-loss provisions and general IT controls need strengthening in respect of banking and building society audits
Increased pressure on fees and costs leading firms to seek efficiency savings; this may risk audit quality
So some action is needed whether or not we adopt the Competition Commission’s proposal.
Currently we are pursuing three avenues:
reaching out to audit committees to explain the significance of our inspection findings in the hope that they will take action.
Strengthened powers for us to sanction poor performance and tougher penalties for misconduct. £14 million fine of Deloitte. But other measures such as required retraining can be very powerful too.
Assistance to small companies and small audit firms who may still struggle with IFRS
Ladies and gentlemen.
We have all been on a long journey over the last decade. We have learnt from each other. And we have together – because capital markets are international – raised the quality of audit and given investors confidence.
But we are not yet at the end of the road. Quality is the Big 4 is not yet sufficiently consistent. I think our experience shows that if we carry on as we are we will remain on a long plateau, not scale new heights. So some change is required and more transparency about our work and our findings is perhaps the answer. Are we bold enough? Well, we will have to see. I hope so!