Warning

The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

  • No human verification has been conducted of the converted content.
  • While we strive for accuracy errors or omissions may exist.
  • This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
  • For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

Audit Quality Thematic Review: Firms' audit quality control procedures and other audit quality

The Financial Reporting Council (FRC) is the UK's independent regulator responsible for promoting high quality corporate governance and reporting to foster investment. The FRC sets the UK Corporate Governance and Stewardship Codes and UK standards for accounting and actuarial work; monitors and takes action to promote the quality of corporate reporting; and operates independent enforcement arrangements for accountants and actuaries. As the Competent Authority for audit in the UK the FRC sets auditing and ethical standards and monitors and enforces audit quality.

The FRC does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.

The Financial Reporting Council Limited 2017 The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered Office: 8th Floor, 125 London Wall, London EC2Y 5AS

Contents

Introduced in 2013, thematic reviews supplement our annual programme of reviews of individual audit firms. In a thematic review we look at firms' policies and procedures in respect of a specific area or aspect of the audit or firm-wide procedures to make comparisons between firms with a view to identifying both good practice and areas of common weakness. The reviews are deliberately narrow in scope, and are chosen to focus on an aspect of audit or firm-wide procedures in greater depth than is generally possible in our review of audits.

This document is not designed to be a comprehensive discussion or complete summary of the requirements for quality control review procedures. Consequently, as not all aspects of the International Standards (UK and Ireland) are discussed, readers should refer to these for all the requirements and to establish their own process for quality control reviews.

The FRC believes this thematic review will be of assistance to audit firms in developing or enhancing and evolving their quality control review procedures, contributing to their own processes of continuous improvement to enhance audit quality. It should also be of interest to audit committees, other audit regulators and audit standard setters.

Our previous thematic reviews were as follows:

  • The use of data analytics in the audit - January 2017
  • Root Cause Analysis – September 2016
  • Engagement Quality Control Reviews - February 2016
  • Firms' audit quality monitoring – January 2016
  • The audit of loan loss provisions and related IT controls in banks and building societies - December 2014
  • Fraud Risks and Laws and Regulations - January 2014
  • Materiality - December 2013

Reports on these reviews can be found at www.frc.org.uk/Our-Work/Audit/Audit-Quality-Review/Thematic-inspections.aspx

1. Background, scope and key findings

1.1 Background and scope

This report sets out the principal findings of the third thematic review undertaken during 2016/17 by the Audit Quality Review ("AQR") team of the Financial Reporting Council (“FRC”).

The foundation for delivering consistently high quality audit rests in audit firms' systems of quality control, the requirements for which are set out at the firm level through ISQC (UK) 11 and at the individual engagement level through ISA (UK) 220.2 Audit firms have therefore established a number of quality control policies and procedures to be implemented both before, and after, the audit opinion is issued. Firms have also established additional policies and procedures (not required by ISQC (UK) 1 or ISA (UK) 220) which aim to ensure a consistently high level of audit quality. During 2016 we reported on certain requirements of ISQC (UK) 1 including engagement quality control reviews (‘EQCR'), where some firms now combine some or all elements of their EQCR's with other quality review processes; the firms' internal audit quality monitoring processes and firms' processes to perform root cause analysis. As set out in Appendix 1, this report relates to certain other requirements in ISQC (UK) 1 and therefore complements our previous reports on other areas of quality control and auditing standards.

We reviewed the six largest UK audit firms3 ("the firms”). We considered their policies and procedures, focusing on three key aspects of the firms' quality control systems to support the audit team in delivering a quality audit. These include leadership responsibilities for quality within the firm, human resources and engagement performance (for example, technical reviews of financial statements, internal reviews of audit work, use of specialists on audits). We selected 26 audits (seven FTSE100, twelve FTSE 250 and seven other listed) across the firms that were being reviewed as part of our normal annual inspections to identify any findings that were relevant to this thematic review. These audits covered year ends from 31 March 2015 to 2 January 2016.

We have identified a range of different practices by audit firms. Our report is intended to provide an understanding of these quality control policies and procedures, including highlighting both areas of good practice and areas where improvements can be made, with the objective of promoting continuous improvement in audit quality. Our observations are based on our review and we have discussed our findings with each of the audit firms concerned.

Section 1 sets out the good practices observed and a summary of our findings. Section 2 sets out details of our findings. Appendix 1 sets out the elements of the firms' quality control systems covered by this review and appendix 2 summarises our approach to this review.

1.2 Continuous improvement in audit quality

Continuous improvement in audit quality

A key focus of the FRC is to promote continuous improvement in audit quality. We expect that this will mean that, by 2019, at least 90% of FTSE 350 audits reviewed by the AQR team will be assessed as requiring no more than limited improvements. Effective, and consistently applied, quality control policies and procedures should help to achieve this.

A key objective of quality control policies and procedures is to improve audit quality by having experienced and competent staff reviewing the work performed by others, sharing their knowledge and expertise.

Firms should continue to ensure that audit quality remains in the forefront of their leadership teams' agendas to continually drive further improvement.

In December 2015 the IAASB4 published its Invitation to Comment: Enhancing Audit Quality in the Public Interest: A focus on Professional Scepticism, Quality Control and Group Audits ('the ITC'). This report might usefully influence the development of the IAASB's work in revising International Auditing Standards based on the experience of auditors in the UK.

Among the proposed revisions set out in the ITC and subsequent project proposals5, the IAASB intend to revise ISQC 1 to strengthen and improve the management of risks to quality by incorporating a quality management approach (‘QMA') at the firm level, and revise ISA 220 by incorporating the principles of the QMA at the audit engagement level. The revisions will also increase the focus on the importance of and need for effective firm governance and leadership as a foundation to the ability of the firm to achieve quality at all levels. For this reason this review considered the leadership responsibilities for audit quality procedures within firms and during 2017/18 we will be performing a thematic review focussed on audit firm governance and culture.

In the FRC's response to the ITC6 we noted that 'we fully support the IAASB's plan to revise ISQC 1 and ISA 220 to respond to the issues and challenges in quality control. We agree with the IAASB that the current standards are no longer sufficient to support audit firms in today's complex and challenging business environment'. We agree that such revisions will enable the standards to be applied to a wide range of circumstances, be sufficiently adaptable for auditors to address the evolving challenges they face, and strengthen and improve a firm's management of quality for all engagements.

1.3 Good practices observed

During the course of the review we observed a number of areas of good practice in the firms' quality control procedures that contributed to improving audit quality which merit sharing more broadly. Further details are set out in section 2.

  • Two firms have set out their audit quality procedures in a 'lines of defence' model, helping to understand how the elements of the firms' audit quality procedures interact together.
  • Half of the firms have established dedicated boards or committees specifically tasked with overseeing, maintaining and continuously improving audit quality. These boards or committees oversee all matters related to audit quality and ensure that audit quality has sufficient prominence and focus on the firm's leadership agenda. In addition, at one of these firms, the board or committee meets with one of the firm's independent non-executives once a year.
  • One of these firm has also established an audit quality forum, where audit staff discuss audit quality improvements and their suggestions are fed back to the firm's audit quality board. This staff forum also meets with the firm's independent non-executives once a year.
  • Five firms are moving towards involving their central technical support team in a sample of audits on a real time basis. This approach helps to identify potential issues, or areas for improvement, and provides an additional layer of challenge to the teams, thereby increasing the likelihood of delivering a good quality audit. It is also intended to act as a coaching tool to help improve audit quality not only for the audits being reviewed but others for which the audit team are involved.
  • Audits with a higher level of partner and director had a greater likelihood of achieving a high quality outcome prior to issue of the audit report.
  • There was evidence of consultations taking place at each audit firm demonstrating that a consultation culture was embedded in the firms with a willingness of audit teams to use the firm's consultation process to improve audit quality.
  • Consideration of additional information arising from the audit of the entity, such as the auditor's report to the Audit Committee, alongside the financial statements, by the technical reviewer can increase the likelihood of potential material undisclosed matters being identified by the technical reviewer.
  • Two firms perform periodic pre issuance compliance reviews in specific audit areas, in addition to the firms' internal quality monitoring programme, to cover each partner and manager at least once during the year. This helps to monitor, on a more timely basis, whether improvements in audit quality are being achieved across the firm.

All firms are recommended to consider these good practice observations and implement such procedures, where appropriate.

1.4 Summary of key findings

Audit firms have established a range of quality control procedures both during and after the audit. There are many aspects of the firms' and audit teams' procedures that need to work together effectively to contribute to achieving audit quality. However, our review has highlighted that in some cases, there is opportunity for these procedures to be more effective to achieve further improvements in audit quality.

The following table summarises our key findings, further details of which are set out in section 2. In some cases these highlight areas where firms should consider further improvements to their quality control procedures or in their application by audit teams.

Subject Summary of findings
Leadership responsibilities for audit quality procedures (2.1) All firms have put in place audit quality policies and procedures. All firms have resources at a leadership and management level dedicated to various aspects of audit quality.
Reviews of audit work by more senior members of the audit team (2.2) All firms also have policies where the audit work performed is reviewed by someone more senior.
Despite such leadership responsibilities and senior review, 31% of the audits reviewed in our sample (one FTSE100, four FTSE 350 and three other listed) were assessed by us as requiring more than limited improvement; indicating that the firms' quality control procedures are not yet sufficiently robust.
Inclusion of specialists and experts in the audit team (2.3) Specialists were included within the audit team for all audits reviewed, with the most frequently used specialists being taxation, valuations and IT.
Where specialists are used the audit team must ensure that their work is scoped appropriately and sufficiently evidenced on the audit file and that, where appropriate, their findings are adequately followed up and reported to the Audit Committee.
Where reference was made to the specialists' work in the audit report there were a few cases where their involvement was not accurately described.
Consultation on accounting or audit matters (2.4) Audit teams used the firms' consultation procedures appropriately, documenting the conclusions of these consultations clearly and in line with methodology requirements. As might be expected, the volume of consultations increased alongside the size and complexity of the audit.
Subject Summary of findings
Evaluation of the overall presentation of the financial statements (2.5) All of the firms have a technical review process to help ensure the quality of the financial statements that are being audited. Half of the firms performed a technical review on the annual report and financial statements in isolation with the remaining half reviewing additional information, such as the auditor's report to the Audit Committee, alongside the financial statements. One firm included a review of the audit file as part of the technical review.
Other initiatives to improve audit quality - Use of service delivery centres (2.6.1) Of the firms reviewed five used service delivery centres (SDC's) for the completion of certain elements of audit work. The remaining firm was considering the establishment of an SDC. Of the five firms with SDC's, four stipulated the nature of the work that was permitted to be performed, with one firm putting the onus on the audit team to evaluate if the SDC staff had the skills and competencies required to complete the work assigned.
Overall the percentage of audit work in hours performed by SDC's has increased by 70% year on year between 2013 and 2016. Audit firms should consider how audit quality can be maintained or improved as the trend for outsourcing sections of audit work increases.
Other initiatives to improve audit quality - Real time quality reviews of audit work in progress (2.6.2) Five firms have implemented a real time independent quality review on a sample of audits. One of these performs an independent review of audit work for all audits but also performs a further independent review at the planning stage of a selection of audits on a thematic basis. Firms do not maintain an audit trail on the file detailing the nature of the challenges raised and the consequential actions of the audit team. It is therefore not possible to assess clearly the impact of these reviews in improving audit quality.
One firm did not have a real time review scheme in place nor were they in the process of setting up such reviews.
Other initiatives to improve audit quality - compliance monitoring (2.6.3) The schemes in place varied considerably from one firm to the next with the common thread being the fact that the reviews all took place post issuance.
Three firms had regular compliance style reviews of specific aspects of the audit to monitor improvements in audit quality.
Two firms had post issuance reviews of a sample of audits to provide feedback and coaching to audit teams.

All firms are recommended to consider these findings, in conjunction with any insights arising from their root cause analysis, to consider whether and how their quality control procedures could be enhanced to improve audit quality where appropriate.

2. Key findings

ISQC (UK) 1 requires firms to establish and maintain a system of quality control that comprises six key elements. As detailed in appendix 1, this review has considered several aspects of the firms' procedures and we have findings to report in the following areas:

  • Tone from the top - Leadership responsibilities for audit quality procedures
  • Reviews of audit work by more senior members of the audit team
  • Inclusion of specialists and experts in the audit team
  • Consultation on accounting or audit matters
  • Evaluation of the overall presentation of the financial statements
  • Other initiatives to improve audit quality
    • Use of service delivery centres to perform audit work
    • Real time quality reviews of audit work in progress
    • Compliance monitoring

As noted in our Developments in Audit report, issued in July 2016, our reviews of audit tender proposals noted that almost every proposal included references to audit quality, with several going into considerable detail about how the firm maintains audit quality and what quality actually means. Although a number of quality control procedures are established by firms, ISQC (UK) 1 does not currently require all of these procedures.

All of the audit firms have put in place a range of quality control policies and procedures, such as reviews, consultations and involvement of specialists in the audit, to improve and safeguard audit quality. An overview of the types of policies and procedures in place at each firm is summarised below:

Overview of firm's quality control procedures

Audit Quality process Firm A Firm B Firm C Firm D Firm E Firm F
Audit Quality Board/Committee [2.1] - -
Technical review [2.5]/ consultations [2.4] /specialists [2.3] -
Pre-audit report real time reviews [2.6.2] ✓* - -
Post issuance reviews [2.6.3] - - - - -
Compliance reviews [2.6.3] - - -
  • Recently introduced or pilot

These many aspects of the firms' policies and procedures, and the firms' and audit teams' exercise of these, need to work effectively together to contribute to achieving a high level of audit quality. The existence of quality control procedures at the firm level does not abdicate the audit team's responsibility to perform a high quality audit.

Details of our findings and the good practices we observed in our review are set out in the remainder of this section.

2.1 Tone from the top - Leadership responsibilities for audit quality procedures

Why is this important? Audit firms' leadership collectively has responsibility and accountability for modelling and articulating an audit firm culture where audit quality is at the forefront of individuals' minds. There are many aspects of the firms' and audit teams' procedures that contribute to, and need to work effectively together, to achieve audit quality and continuous improvement.

Summary of findings All of the firms have put in place various audit quality policies and procedures. All firms have dedicated resource at leadership and management level which are responsible for and consider various aspects of audit quality.

31% of the audits reviewed in our sample (one FTSE100, four FTSE 350 and three other listed) were categorised by AQR as requiring more than limited improvement indicating that the firms' quality control procedures are not yet sufficiently robust.

Good practices observed Two firms have set out their audit quality procedures in a 'lines of defence' model, helping to understand how the elements of the firms' quality procedures interact together to achieve audit quality.

Half of the firms have a dedicated board or committee that is specifically tasked with maintaining and continuously improving audit quality. Dedicated audit quality boards/ committees oversee all matters relating to audit quality, bringing these together and ensuring that audit quality has specific prominence and focus in the firm's leadership agenda. In addition, at one firm, the audit quality board or committee also meets with one of the firm's independent non-executives once a year.

One firm has also established an Audit Quality Forum where audit staff discuss improvements to audit quality and their suggestions are fed back to the firm's audit quality board. The staff forum also meets with the firm's independent non-executives once a year.

All firms reviewed do have an appropriate focus on audit quality at the leadership level with individuals responsible for the firm's audit functions represented on the firms' senior management teams, with communication lines to the firms' independent non-executives. Some of these functions are inter-related and the reporting lines can be complex. All firms have functions that are responsible for:

  • Audit technical matters, including providing audit training, audit technical review and support and consultations on audit matters;
  • Accounting technical matters, including providing accounting training, accounting technical review and support and consultations on accounting matters;
  • Audit monitoring, and
  • Auditor ethical and independence matters.7

Audit Quality - Lines of defence

The Chartered Institute of Internal Auditors ('CIIA') set out a three lines of defence model in its paper on internal audit's governance of risk issued on 10 December 2015. This model can be applied to external audit and two firms have summarised their approach to managing audit quality risk in terms of these lines of defence. This helps the firm's leadership to visualise how the firm's quality control procedures work together to achieve audit quality. This model considers the roles and responsibilities for audit quality at different stages of the process to help reduce the risk that audit quality is not maintained or is inconsistent. We have considered the CIIA paper and each of these firms' models and set out below our view on what this may look like:

This diagram illustrates the "Three Lines of Defence" model for audit quality.

  • First Line: Individual audit teams and their utilisation of the firms' resources.
  • Second Line: Firms' central policies, procedures, and resources for delivering good quality audits.
  • Third Line: Firms monitoring and assessment of the quality of audits and the effectiveness of its policies and procedures.
  • The first line of defence are the functions that own and manage the audit quality risks - the individual audit teams and their utilisation of the firm's resources to deliver good quality audits.
  • The second line of defence are the firms functions that oversee or specialise in audit quality management and compliance - the central policies, procedures and resources put in place by the firm for delivering good quality audits.
  • The third line of defence are the functions that provide independent assurance - the firm's monitoring and assessment of the quality of audits delivered and the effectiveness of its policies and procedures.

The third line of defence provides assurance over the first and second lines of defence and will identify where improvements are required, feeding back into a continuous process.

First line of defence

  • Selection of an appropriate audit team including use of specialists on the audit (2.3)
  • Reviews of audit work by more senior members of the audit team (2.2)
  • Use of service delivery centres (2.6.1)
  • Access to technical support (including consultations (2.4) and technical reviews of financial statements (2.5))
  • Real time support and coaching (2.6.2)

Second line of defence

  • Tone from the top - Leadership responsibilities for audit quality (2.1)
  • Firm's audit methodology and guidance, including innovation
  • Resource management, including allocation of an EQCR
  • Recruitment and training of audit staff, appraisal and performance management

Third line of defence

  • Firm's internal quality monitoring and root cause analysis
  • Compliance monitoring (2.6.3)
  • Staff surveys/appraisal feedback

Leadership focus on overall audit quality

In all firms the senior leadership teams for audit and the firm as a whole, including functions such as tax, corporate finance etc, will be responsible for a number of matters affecting the audit practice, including audit quality. They are also responsible for all of the firm's business lines and aspects of quality for the firm as a whole. To improve the focus on audit quality specifically, three firms have established boards/committees that only consider matters related to maintaining and improving audit quality. These comprise the leaders of the firms' technical functions and audit business unit leaders who meet between four and twelve times a year. These boards/committees are responsible for matters such as:

  • Developing the firm's audit quality plan
  • Responding to audit quality issues
  • Monitoring the progress of quality enabling initiatives
  • Demonstrating tone at the top
  • Responding to audit quality questions
  • Providing direction to the firm's functions responsible for the firm's audit quality controls.

This helps to ensure a fully coordinated and considered approach to maintaining, monitoring and improving the firm's audit quality. In addition, at one of these firms, one of the firm's independent non-executives meets with the audit quality board/committee once a year. Given the independent non-executives role to promote audit quality we consider this to be good practice.

One of these firms has also established an audit quality forum where audit staff can discuss their views on how to improve audit quality and their suggestions are fed back to the firm's audit quality board. In addition, the firm's independent non-executives meet with this forum once a year. We consider this to be a positive initiative in understanding how audit quality is delivered in practice by the firm's staff and whether there are improvements that can or need to be made.

Effectiveness of quality controls on audits reviewed

For this thematic review we reviewed the outcome of our normal AQR inspection reviews on 26 audits across the firms. Eight of these audits (one FTSE100, four FTSE 350 and three other listed) were categorised by AQR as requiring more than limited improvement. We would have expected the firms' quality control procedures to have identified and corrected the matters identified by AQR prior to the audit opinion being signed. Whilst the sample of audits selected for consideration in this thematic review is small the proportion of audits requiring more than limited improvements is higher than expected. In particular, for FTSE350 audits in our sample, the proportion of audits requiring more than limited improvement was 26%, compared to the target we have set that only 10% will be in this category by 2019. To achieve faster improvements in, and greater consistency of, audit quality strong leadership and the right culture in audit firms is required. In addition to this thematic review, we are therefore proposing to perform a thematic review during 2017/18 into the effectiveness of audit firm governance and culture to support the delivery of further improvements in audit quality.

2.2 Reviews of audit work by more senior members of the audit team

Why is this important? Review of audit work performed by audit staff by more senior staff as the audit progresses is an important component of quality control arrangements in support of achieving a high quality outcome.

Summary of findings All firms have policies where the audit work performed is reviewed by someone more senior. On large audits, the audit partner may be assisted by a director to review audit work performed in certain areas.

For the audits categorised by AQR as requiring more than limited improvement these review procedures were not fully effective.

Good practices observed Audits with a higher level of partner and director involvement had a greater likelihood of achieving a high quality outcome prior to issue of the audit report.

All firms have policies where the audit work performed is reviewed by someone more senior8 and for certain audits, an independent EQCR9 is required. The engagement partner takes overall responsibility for the quality of the audit work performed. They are required to review the audit working papers prepared by the audit team to ensure that sufficient audit evidence has been obtained, particularly in judgemental areas, and reach the final conclusions. On large audits they may be assisted by a director in reviewing the audit work performed in certain areas.

For the 26 audits selected for this thematic review we analysed the time recorded by various members of the audit team and, in particular, the proportion of time recorded by the partner and director and compared this to the AQR categorisation of all 26 audits. The time recorded will reflect time spent reviewing and evaluating the work performed by the more junior members of the audit team as well as meetings with entity's management and the Audit Committee.

For those audits where the involvement of the partner and director was above the median, 25% required more than limited improvements. However, for audits where the amount of involvement was below the median this increased to 33%. This indicates that the review of audit work by more senior auditors as the audit progresses results in a greater likelihood of achieving a high quality outcome prior to issue of the audit report.

For the five audits categorised as requiring more than limited improvement, and where the time recorded by the partner and director was below the median, issues related to audit quality arose in the following areas:

  • On two audits, in significant risk areas, there was insufficient challenge of management's estimates.
  • In one audit the audit team obtained insufficient audit evidence to support material disclosures in the financial statements and in two audits the firm's quality review procedures did not identify errors in the audit report.
  • On another audit there was insufficient consideration of the competence of the component auditor and insufficient involvement of the group audit team in the work of the component audit team.
  • On another audit the audit team did not adequately assess the impact of control weaknesses on their audit strategy and therefore did not perform sufficient audit procedures to mitigate the lack of an effective control environment.

For all of these matters we would have expected either the reviewing partner (or the EQCR or the firm's quality control procedures) to identify and correct these matters prior to the audit opinion being signed.

2.3 Inclusion of specialists and experts in the audit team

Why is this important? An audit team may encounter complex matters that are potentially material to the financial statements. Such matters may require special skill or knowledge and firm's procedures requiring the audit team to use the work of a specialist or auditor's expert help to deliver a high quality audit.

Summary of findings Specialists or auditor's experts were included within the audit team for all audits reviewed, with the most frequently used specialist being taxation, valuations and IT.

Where specialists are used the audit team must perform the appropriate procedures to ensure that the specialists work is scoped appropriately, that their work is sufficiently evidenced on the audit file and that, where appropriate, their findings are adequately followed up and reported to the Audit Committee.

Where reference was made to the specialists' work in the audit report there were a few cases where their involvement was not accurately described.

Good practices observed Good quality audit work was noted on two audits where specialists/experts were used on the audit in an effective manner.

Reference to the use of specialists or experts in the audit report provides useful information for users of the financial statements by demonstrating informed challenge of management.

The recent ICAS/FRC report 'Auditor skills in a changing business world' identified the need for audit teams to bring together multi-disciplinary teams. The larger audit firms all have a wide range of specialists or experts (‘specialists') that audit teams can utilise on audits. The use of specialists on audits in areas where the auditor encounters complex matters that are potentially material to the financial statements can help ensure the audit team delivers a high quality audit. These specialists can help the audit team to provide an informed challenge of management's critical judgements.10

Specialists were involved on all of the 26 audits reviewed, with the most frequently used being taxation, valuations and IT. The table below shows the average percentage of specialist time spent on the audit by type of entity which shows the increased use of specialists as the complexity of the audit increases.

Use of specialists on audits

%age of specialist time on audit Number of specialists Average number of specialists %age using tax %age using valuations %age using IT
FTSE100 19.3% 2 to 5 3.9 100% 86% 100%
FTSE250 12.1% 1 to 5 2.8 100% 83% 42%
Other listed 7.5% 1 to 4 2.1 86% 71% 43%

For these audits, there were no audits where a specialist had not been involved in the audit by the audit team to address a significant risk. We noted four audits where IT specialists were consulted to agree that they did not need to be involved in the audit. For these audits the percentage of audits with IT specialist input would increase from 42% to 67% for FTSE250, and from 43% to 57% for other listed.

Of the 26 audits considered as part of this thematic review we identified good quality audit work on pension obligations (one audit) and tax (two audits) where the group audit team used specialists (actuarial and tax) in an effective manner. This included detailed memos on the audit file evidencing the group audit team's involvement with the specialists, evaluation of the work performed; and consideration and performance of procedures to address issues identified by specialists.

However, we identified issues in areas involving specialists in three of the eight audits requiring more than limited improvement. Audit teams should ensure that where a specialist is involved the audit team ensures that the work of the specialists is fully integrated into the audit. We noted the following matters:

  • In one audit, weaknesses in controls identified by the IT specialists were not sufficiently followed up by the audit team and the audit approach was not sufficiently amended to mitigate the weaknesses identified.
  • In another audit, the audit team did not provide clear instructions to the actuarial specialists on the scope of their work on the entity's insurance reserves.
  • In another audit, the specialist's findings were not adequately reported to the Audit Committee.

Where valuation specialists were used by audit teams, reference was ordinarily made to their involvement within the audit report, although we noted that the use of IT and tax specialists, despite being the most frequently used on all audits, was less frequently mentioned.

Reference to the use of specialists in audit reports

Number of specialists Average number of specialists %age tax %age valuations %age IT
FTSE100 1 to 3 1.9 57% 86% 14%
FTSE250 0 to 3 1.3 33% 67% 0%
Other listed 0 to 3 1.2 20% 40% 20%

Reference to the use of specialists on the audit team is useful information for users of the financial statements to demonstrate the quality of the audit in providing informed challenge of management in complex areas. However, we also noted that care should be taken in describing the specialists work as we identified the following matters:

  • In one audit the audit report stated that "We engaged our financial modelling specialists to sample test the logical operation of the financial models.” The audit report did not make it clear that, for the sample of models selected, the specialists only performed a limited review of year on year changes and had at no point tested the logical operation of the models in their entirety.
  • In one audit the audit report noted that tax specialists were used but did not specify that their work did not cover all of the tax balances.

2.4 Consultation on accounting or audit matters

Why is this important? Consultation helps to promote quality and improves the application of professional judgement. It can ensure consistency and appropriate application of the firm's methodology and professional standards. Consultation can also facilitate meaningful discussion and challenge which should result in more robust, defensible and better documented audit evidence which in turn improves overall audit quality.

Summary of findings Audit teams were using the firm's consultation processes appropriately and documenting the conclusions of these consultations clearly and in line with methodology requirements.

Two fifths of the audit engagements reviewed required consultations and those consultations were undertaken. As expected, the volume of consultations increased alongside the size and complexity of the audit.

Good practices observed There was evidence of consultations taking place across each firm with consistent requirements for audit documentation to be retained. This demonstrated that a consultation culture was embedded in the firms with a willingness of audit teams to use the firm's consultation processes.

There was evidence of consultations11 taking place on 11 of the 26 audits reviewed with consistent requirements for audit documentation to be retained for these. There were three consultations on materiality thresholds, two on goodwill/intangible assets and two on impairment and acquisition accounting respectively. Of the audit teams which held consultations, five related to FTSE 100, three to FTSE 250 and two to other listed entities. This demonstrated that a consultation culture was embedded in the firms with a willingness of audit teams to use the firm's consultation processes when it is appropriate to do so.

We did however identify one audit requiring more than limited improvements that may have benefited from the audit team requesting a consultation to assist in reaching its conclusion, thereby improving audit quality.

2.5 Evaluation of the overall presentation of the financial statements

Why is this important? Independent review of the financial statements by individuals with accounting expertise can help to identify issues or discrepancies that the audit team may not have considered.

Summary of findings All of the firms have a technical review process to ensure the quality of the financial statements being audited. Half of the firms performed a technical review on the annual report and financial statements in isolation with the remaining half reviewing additional information alongside the financial statements. One of the firms included a review of the audit file as part of the technical review for all audits.

Good practices observed Consideration of other relevant information alongside the financial statements can help to broaden the understanding of the technical reviewer of the background and specific issues of the company. This increases the likelihood of potential undisclosed matters or inaccuracies being identified.

All of the larger firms provide regular training on IFRS and listing requirements to partners and staff, including technical reviewers.

All firms' audit methodologies require a number of audit procedures to evaluate the overall presentation of the annual report and financial statements. These procedures include completing disclosure checklists, reviews by members of the engagement team and the EQC Reviewer, and obtaining a technical review from an independent reviewer with specific accounting technical expertise. The responsibilities of the individuals involved in these procedures varied between firms and, in some cases, it was not clear whether these responsibilities were clearly defined or, in some cases, whether they were appropriate. Lines of responsibilities may therefore become confused and errors in the annual report and financial statements may not be identified and corrected.

We identified a couple of errors, omissions and inconsistencies in financial statements which were not significant enough to affect the audit opinion but which suggest that the review arrangements of the firms in question were not always fully effective.

  • In one audit the firm's reviews of the annual report did not identify that certain information presented in the annual report did not clearly reflect the impact of significant events in the year and was inconsistent with the results presented in the financial statements.
  • In one audit the levels of overall and performance materiality and the clearly trivial thresholds disclosed in the audit report were incorrect and the firm's quality review procedures failed to identify the error.

2.5.1 Disclosure checklists

Audit teams complete a disclosure checklist to evaluate whether the financial statements are in accordance with the applicable financial reporting framework. All firms use disclosure checklists developed either internally or by third party providers which are updated on a regular basis.

2.5.2 Technical review

We noted differences in the structure of audit firms' technical review functions, the types of audit engagements where the financial statements are required to be subject to technical review, the information received by the technical reviewer and the responsibilities for dealing with the points raised by the reviewer. These differences may affect the quality and effectiveness of these reviews. However, we are cautious in drawing qualitative comparisons from the existence of, or absence of, any specific procedure, or in its application. This is because our work did not include re-performing the technical review.

The differences in the larger firms are summarised in the following table:

Firm's technical review resources

Firm A Firm B Firm C Firm D Firm E Firm F
Technical review required for all financial statements Yes Yes Specific entities or on request Yes Specific entities or on request Yes
Technical reviewer from central team for all financial statements Large yes, small no^ Yes Yes Large yes, small no^ Yes Yes
Technical reviewer required to sign off the points raised No∞ Yes No∞ Yes Yes Yes

^ Individuals within the audit departments are selected and receive training to be accredited technical reviewers. ∞ The accredited technical reviewer is under the supervision of the EQC Reviewer and the EQC Reviewer is responsible for signing off the technical review.

Requirement for technical review

Most of the firms require a technical review for the financial statements of listed company or high risk audits. However, two firms do not require a technical review for certain smaller listed company audits other than for the first year audit by the firm. A technical review may be requested by audit teams in subsequent years where there is higher risk due to changes in the entity or in the financial reporting framework.

Firms' technical accounting resource

All six firms invest significant resource in their central technical accounting teams who spend all of their time on accounting technical matters, and whose responsibilities include performing technical reviews of draft annual reports and financial statements and providing technical accounting advice to audit teams. They support audit teams in evaluating whether financial statements prepared by management comply with the applicable financial reporting framework. Given the complexities of IFRS, these technical resources can contribute to improving the audit of financial statement disclosures.

In general, the technical reviews of the firms' largest listed company audits are performed by technical reviewers with more seniority and technical accounting experience. For their smaller listed company audits, two firms use accredited individuals within the audit departments to perform technical reviews on a part time basis. These reviewers will, however, be supervised by a more senior technical reviewer.

Information provided for technical review

The larger firms have differing policies on the information provided to the technical reviewer as set out in the following table:

Information received by the technical reviewer

Firm A Firm B Firm C Firm D Firm E Firm F
Draft financial statements Yes Yes Yes Yes Yes Yes
Disclosure checklist No Yes No Yes No Yes
Summary of key audit findings Yes Yes No Yes Yes No
Planning discussion with audit team Yes Yes No Yes No No
Draft Audit Committee report Yes Yes No Yes No No

Where the technical reviewer only receives the annual report and financial statements, they will only be able to provide comment on whether disclosures are in compliance with the financial reporting framework. Consideration of other relevant information from the audit alongside the financial statements can help to broaden the understanding of the reviewer of the background and specific issues of the company. This increases the likelihood of potential undisclosed matters or inaccuracies being identified.

2.6 Other initiatives to improve audit quality

Why is this important? Specific audit initiatives help to achieve consistent audit quality, identify areas of improvement and monitor the effectiveness of training in specific areas requiring improvement. Implementation of these initiatives helps to facilitate continuous improvements to drive up audit quality and demonstrates the firms' leaderships' commitment to audit quality by going above and beyond the requirements of standards.

Each of the firms have implemented a number of additional quality control procedures to support and improve audit quality. We have observed the use of three specific initiatives (the use of service delivery centres, real time reviews of in progress audit work and compliance monitoring of completed audits) and each are discussed further in the following sections.

2.6.1 Other initiatives to improve audit quality – Use of service delivery centres to perform audit work

Why is this important? With increased pressure to achieve efficiencies and enhance audit recoveries, the use of offshore or onshore service delivery centres by audit firms to perform certain audit work has become more prevalent. Audit quality can be improved by using staff in these centres to perform routine audit work, allowing the core audit team to focus on areas of the audit with higher risks to audit quality.

Summary of findings Of the firms reviewed five used service delivery centres for the completion of sections of audit work. The remaining firm was considering the establishment of a service delivery centre. Of the five firms with these centres in place, four stipulated the nature of the work that was permitted to be performed, with one firm putting the onus on the audit team to evaluate if the service delivery centre staff had the skills and competencies required to complete the work assigned.

Overall the percentage of outsourced audit work in hours has increased by 70% year on year between 2013 and 2016. Audit firms should consider how audit quality can be maintained or improved as the trend for outsourcing sections of audit work increases.

Good practices observed All but one of the firms with service delivery centres stipulated that the work that could be delegated was limited to routine and low risk areas of the audit. This helps to ensure the audit team retains full control areas of the audit with the highest risks to audit quality.

Audit quality can be improved by using staff in onshore or offshore service delivery centres ('SDCs) to perform routine audit work and allowing the core audit team to focus on higher risk areas of the audit. SDC staff performing routine audit work on a frequent basis improve their skills and improve the consistency of the quality of work performed. The average percentage of audit hours performed in an SDC in 2015/16 was 7.9% (2013: 4.6%), with one firm utilising SDC's to a significantly higher extent than the others with the SDC time averaging 11.4% for 2015/16. One firm has only recently commenced using an SDC on audits and is not included in these statistics. One firm had not used an SDC at the time of this review but is now in the process of setting one up. The most common areas of audit work being performed by an SDC were as follow:

Audit work performed by service delivery centres

Firm A Firm B Firm C Firm D Firm E Firm F
Financial statement testing/tie outs Yes Yes Yes Yes Yes No
Assistance in completion of financial statement disclosure checklist No Yes No No Yes No
External confirmation tie outs Yes Yes No Yes Yes No
Roll forward of lead sheets No Yes Yes Yes Yes No
Tests of detail Yes No Yes No No No

The firms with SDCs permit audit teams to use the SDC to perform the basic checks of financial statements, such as mathematical accuracy, cross referencing and consistency.

The SDCs for two firms may complete disclosure checklists in certain circumstances for listed companies, after the audit team has completed the tailoring questions. In both firms there has been limited use of this permission, and teams have preferred to use staff from within the local audit team for this work.

Two firms permitted other areas to be outsourced to the SDC including cash testing, process flow diagrams, review of board minutes, operating expenses testing, fund audits, journal data analysis, knowledge management, expert's competence assessment and related parties. Audit firms should ensure that the SDC staff have the appropriate skills and knowledge to perform this work and that the audit team retains overall responsibility for the quality of the audit.

The SDC testing of related parties adopts a split approach to the review with the SDC team performing research over expected related parties which is then provided to the audit team. The audit team then upload the list of the group/ company's related parties which is compared to expectations by the SDC team. The differences between the two lists are then reviewed and sent back to the audit team for discussion with management. Related parties is an area of improvement within a number of audits and thus this approach could help to reduce the risk of unidentified related parties.

Two firms are planning to further increase the amount of audit work performed by SDCs to 10% or 15%. Audit firms should consider how audit quality can be maintained or improved alongside the increasing trend for outsourcing sections of audit work.

2.6.2 Other initiatives to improve audit quality – Real time quality reviews of audit work in progress

Why is this important? Real time quality reviews of an audit file can help identify and rectify issues arising from the audit work in a timely manner. It facilitates challenge and independent quality considerations which should contribute to an enhancement of overall audit quality. Furthermore, the review acts as a coaching and development tool for the audit team involved which should contribute to an enhancement of overall audit quality.

Summary of findings Five firms have implemented a real time quality review on a sample of audits but, in most cases, do not maintain an audit trail on the file detailing the nature of the challenges raised and the consequential actions of the audit team. It is therefore not possible to assess the impact of these reviews in improving audit quality or whether they identify areas where the firms' existing quality control procedures could be improved.

One firm did not have a real time review scheme in place.

Good practices observed Five firms are moving towards an increased central team involvement on a real time basis in a sample of audits. This approach helps to identifies potential issues, or areas for improvement, and provides an additional layer of challenge to the teams, thereby increasing the likelihood of delivering a good quality audit. It is also intended to act as a coaching tool to help improve audit quality not only on the audits being reviewed but others on which the audit teams are involved.

Nature and purpose of the reviews of in progress audit work

As noted in 2.1, a number of quality review procedures are required within the audit process to ensure that the audit meets the required quality standards. However, in response to continued internal and external audit quality findings on completed audits, some firms have implemented programmes for a central team of experienced staff to provide coaching and support to the audit team for a sample of audits whilst the audit is in progress. This is an area of significant difference between the firms.

  • One firm has a well-established system to involve a dedicated central team in audit engagements with specific criteria with the dual purpose of improving quality and coaching the staff involved as the audit progresses. It is interesting to note that for this firm none of the audits in our sample required more than limited improvement regardless of the amount of time spent by the partner or director on the audit (we do note that this is a small sample and may not be indicative across all of the firms' audits). This may indicate the effectiveness of these reviews in ensuring the required level of audit quality.
  • Another four firms have similar procedures for a selection of audit engagements but are in a much earlier stage of implementation. The firms identified staff coaching as the primary objective of the involvement of these central teams during the audit.
  • One firm operates an independent review procedure for all audits which includes a technical review on the financial statements and a review of risk areas of the audit. This independent review process is now established as part of the EQCR procedures in the current year. This firm has recently introduced a further independent review process on a thematic basis to review the audit planning which then feeds into the audit process. Teams have the ability to self-refer for inclusion within this thematic.
  • At one firm the audit team may request a review of the audit file post signing of the audit report but prior to the audit file being archived.
  • One firm has no such reviews in place nor has cited any plans for the establishment of such review procedures.

In most cases, firms do not maintain an audit trail detailing the nature of the challenges raised and the consequential actions of the audit team. It is therefore not possible to assess the impact of these reviews in improving audit quality. Audit firms should consider how they assess the effectiveness of this increased involvement of central teams during the audit execution stage in improving audit quality and whether they identify areas where the firms' existing quality control procedures could be improved.

2.6.3 Other initiatives to improve audit quality – Compliance monitoring

Why is this important? Compliance monitoring helps to assess, on a timely basis, whether improvements in audit quality in specific areas are being achieved across the firm.

Summary of findings The schemes in place varied considerably from one firm to the next with the common thread being the fact that the reviews all took place post issuance.

  • Three firms had regular compliance style reviews established to review specific aspects of the audit to monitor improvements in audit quality.
  • Two firms had post issuance review of a sample of audits to provide feedback and coaching to audit teams. To improve audit quality more actively it would be more effective for these reviews to take place prior to the audit opinion.

Good practices observed Two firms ensured that compliance style reviews cover each of the managers and partners at least once during the year.

Three firms perform a compliance check style review that focuses on certain aspects of the audit with specific consideration given to coverage of all audit partners and managers. These reviews are performed either pre or post-issuance at regular intervals (eg quarterly) and the checks are designed to be yes/no answers rather than assessing the judgements reached or the quality of the underlying audit work. These are focused on specific areas of the audit where it has been noted that audit teams need to improve.

Two firms also performed post-issuance reviews of audit files with a focus on higher risk audit areas. These reviews are intended to identify areas of improvement for the subsequent year's audit work, to act as a coaching mechanism for teams and a means of determining trends and areas of weakness across the audit practice. One firm performs these reviews at the request of the audit team with the reviews taking place after the audit opinion is signed but prior to the audit file being archived. The primary aim is to be to provide coaching to the audit team prior to next year's audit. To improve audit quality more actively it would be more effective for these reviews to take place prior to the audit opinion.

2.7 Conclusion and next steps

All firms have established varying quality control review procedures both during and after the audit. To achieve further improvements in, and consistent, audit quality there are some matters raised in this report where firms should consider further improvements to their procedures and some which require improvement in the audit teams' application of these procedures in practice. Firms should consider whether there are any insights arising from their root cause analysis12 where their quality control procedures could be enhanced to further improve audit quality.

We will continue to monitor the firms' progress in improving audit quality and, during our routine inspections, will continue to focus on the firms' leadership, the use of service delivery centres and the use of specialists on audits. In particular, in 2017/18 we will be conducting a thematic review into audit firm governance and culture at the eight firms adopting the Audit Firm Governance Code.

Appendix 1

Elements of the system of quality control for audit

International Standard on Quality Control 1: Quality control for firms that perform audits and reviews of financial statements, and other assurance and related services engagements ('ISQC1'), covers the quality control procedures that the firm is required to put in place. The objective of the firm is to establish and maintain a system of quality control to provide it with reasonable assurance that:

  1. The firm and its personnel comply with professional standards and applicable legal and regulatory requirements; and
  2. Reports issued by the firm or engagement partners are appropriate in the circumstances.

International Standard on Auditing 220: Quality control for an audit of financial statements ('ISA220), covers the quality control procedures that the auditor is required to put in place at the engagement level. The objective of the auditor is to implement quality control procedures at the engagement level that provide the auditor with reasonable assurance that:

  1. The audit complies with professional standards and applicable legal and regulatory requirements; and
  2. The auditor's report issued is appropriate in the circumstances.
ISQC 1 Element ISA 220 Element Covered by this review
Leadership responsibilities for quality within the firm The engagement partner shall take responsibility for the overall quality on each audit Yes
Relevant ethical requirements The engagement partner should remain alert for evidence of non-compliance by members of the engagement team with relevant ethical requirements No
Acceptance and continuance of client relationships and specific engagements The engagement partner shall be satisfied that appropriate acceptance and continuance of client relationships and specific engagements procedures have been followed No
Human resources The engagement partner shall be satisfied that the engagement team, and any auditor's experts, have the appropriate competence and capabilities Yes
Engagement performance The engagement partner shall be satisfied that: Yes
- Consultation - there is appropriate consultation - Yes
- Engagement quality control review - an engagement quality control reviewer is appointed - AQR thematic review in 2015
- Differences of opinion - differences of opinion are resolved - Yes
- Engagement documentation - engagement documentation supports the conclusions reached - No
Monitoring Monitoring AQR thematic review in 2015 and root cause analysis AQR thematic review in 2016

Appendix 2

The approach to the thematic review can be summarised as follows:

  • Each firm was asked to complete a questionnaire based on different aspects of their quality control process and other related questions.
  • Discussions were held with the firms in relation to their quality control processes.
  • The responses to the questionnaires were reviewed and the different responses were compared across the firms. Areas of good practice and outliers were identified and followed up.
  • The link between the AQR inspection results for a sample of 26 audits and the firms' quality control procedures were reviewed.
  • The results of our review were presented to, and discussed with, each of the firms.

Financial Reporting Council 8th Floor 125 London Wall London EC2Y 5AS

+44 (0)20 7492 2300

www.frc.org.uk

  1. International Standard on Quality Control (UK) 1 (Revised June 2016) Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and other Assurance and Related Services Engagements 

  2. International Standard on Auditing (UK) 220 (Revised June 2016) Quality Control for an Audit of Financial Statements 

  3. BDO LLP, Deloitte LLP, Ernst & Young LLP, Grant Thornton UK LLP, KPMG LLP and KPMG Audit plc and PricewaterhouseCoopers LLP 

  4. International Auditing and Assurance Standards Board 

  5. Enhancing Audit Quality: IAASB Project Proposal for the Revision of the IAASB'S International Standards Relating to Quality Control and Group Audits (December 2016) 

  6. FRC response to IAASB Invitation to Comment - 18 May 2016 

  7. This report does not specifically cover how firms deal with ethical and independence matters. 

  8. The firm's review responsibility policies and procedures shall be determined on the basis that work of less experienced team members is reviewed by more experienced engagement team members (ISA 220.33). 

  9. Engagement Quality Control Reviews were the subject of a thematic review published in February 2016 and therefore have not been included in the scope of this review. 

  10. The engagement partner shall be satisfied that the engagement team, and any auditor's experts who are not part of the engagement team, collectively have the appropriate competence and capabilities to perform the audit engagement in accordance with professional standards and applicable legal and regulatory requirements (ISA 220.14). 

  11. The engagement partner shall take responsibility for the engagement team undertaking appropriate consultations on difficult or contentious matters (ISA220.18) 

  12. https://frc.org.uk/Our-Work/Publications/Audit-Quality-Review/Audit-Quality-Thematic-Review-Root-Cause-Analysis.pdf 

File

Name Audit Quality Thematic Review: Firms' audit quality control procedures and other audit quality
Publication date 27 September 2023
Type Thematic review
Format PDF, 358.2 KB
Download original
Back to top