Warning

The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

  • No human verification has been conducted of the converted content.
  • While we strive for accuracy errors or omissions may exist.
  • This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
  • For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

Public Interest Entity Audit Firm Breach Reporting 2021

FRC Ethics Breach Reporting Policy for Auditors of Public Interest Entities (PIEs)

1This note sets out the procedure audit firms should follow to comply with the requirements of the FRC's Ethical Standard in respect of breach reporting for auditors of Public Interest Entities. The Ethical Standard (2019) (ES 2019) requires firms to make the following report to the Competent Authority1 for Audit:

Whenever a possible or actual breach of this Ethical Standard, or of policies and procedures established pursuant to the overarching principles and supporting ethical provisions and requirements established in it, is identified, the engagement partner, in the first instance, and the Ethics Partner, where appropriate, shall assess the implications of the breach, determine whether there are safeguards that can be put in place or other actions that can be taken to address any potential adverse consequences and considers whether there is a need to resign or withdraw from the engagement. The firm shall report all breaches to the Competent Authority on a biannual basis and to those charged with governance of an entity relevant to an engagement, where a breach relates to a specific engagement or engagements in a timely manner. 2

Form of Report

2Reporting to the Competent Authority is a requirement for all firms which audit Public Interest Entities (PIEs), and includes breaches related to all audit and assurance engagements which fall within the scope of the Ethical Standard.

3In every circumstance, the Ethics Partner at the firm must be involved in relevant discussions, and to have formed a view on the nature and seriousness of the breach before a report is made to the Competent Authority.

4Each report must set out:

  • A summary of the breach(es), including the relevant requirement breached;
  • Type of breach, whole firm or engagement specific;
  • Where relevant, the type of audited entity (eg. PIE, listed, etc.);
  • Specifics of the breach(es);
  • Individuals involved;
  • Response and/or mitigating actions taken by the firm.

5We expect the report to have been approved by the Ethics Partner (or equivalent), and the firm should confirm this when submitting it to the Competent Authority.

6A pro-forma template is available on the FRC's website. Firms may use alternative report formats providing the key information set out at paragraph 4 is included.

Competent Authority

7Breach reports should be submitted electronically via the dedicated email address [email protected].

8Submitted reports will be reviewed by relevant members of the Supervision and Audit & Assurance Policy teams who will determine:

  • Whether further information is required;
  • Whether proposed responses/mitigations by the firms appear to be sufficient.

Reporting Timetable

9The timetable for reporting breaches has two elements:

  • Bi-annual reporting to the Competent Authority of all breaches. Two separate reports should be provided by each firm in each year, covering the periods:

    • 1 April to 30 September; and
    • 1 October to 31 March.

    These reports are due within 2 calendar months after the end of each period. Reports must include all identified breaches which occurred in the relevant 6 month period. There is no de minimis threshold.

  • Reporting to Those Charged With Governance of an entity, where a breach relates to a specific engagement or engagements.

10Audit firms should make the Competent Authority aware of individual breaches outside of the 6 monthly reporting timetable about which the regulator would reasonably expect notice. This may be due to the nature or seriousness of the breach, including for example where the firm may need to consider resigning from an engagement.

Footnotes

Contact Information and Privacy Policy

8th Floor, 125 London Wall, London EC2Y 5AS Tel: +44 (0)20 7492 2300 Fax: +44 (0)20 7492 2301 www.frc.org.uk The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered office: as above. Please see our privacy page at https://www.frc.org.uk/about-the-frc/procedures-and-policies/privacy-the-frc if you would like to know more about how the FRC processes personal data or if you would like to stop receiving FRC news, events, outreach or research related communications.

  1. The FRC (for PIE audit firms) or the Recognised Supervisory Body (for non-PIE audit firms) to whom the FRC has delegated regulatory tasks as applicable. 

  2. FRC ES 2019, paragraph 1.21. 

File

Name Public Interest Entity Audit Firm Breach Reporting 2021
Publication date 27 September 2023
Format PDF, 225.9 KB
Download original
Back to top