The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

No human verification has been conducted of the converted content.
While we strive for accuracy errors or omissions may exist.
This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

Tier 2 and Tier 3 Audit Firms - Audit Quality Inspection and Supervision 2022/23

The FRC does not accept any liability to any party for any loss, damage or costs however arising, whether directly or indirectly, whether in contract, tort or otherwise from action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it. © The Financial Reporting Council Limited 2023 The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368.

1. Overview

This report sets out key inspection and supervision findings at Tier 2 and Tier 3 firms, alongside areas of good practice, which all audit firms should pay close attention to. It also outlines the extensive supervision activity the FRC now undertakes to ensure Tier 2 and Tier 3 firms are growing sustainably and are prioritising the delivery of high quality audit. Where necessary, we act assertively to hold firms to account where they fall short of the high standard expected. We also focus on acting as an improvements regulator, by sharing good practice and supporting firms as they grow, such as through the introduction of the Audit Firm Scalebox.

Tier 2 and Tier 3 firms audit 17% of UK PIEs but their share of PIE audit fees remains less than 2%.

We focus our risk-based supervision on those audit firms that have the largest share of the UK Public Interest Entity (PIE) audit and Major Local Audit (MLA) markets, where deficiencies would have the greatest impact on overall audit quality. Since December 2022, we also separately register firms and Responsible Individuals (RIs) to audit PIEs through our PIE Auditor Registration regime (in the UK, PIEs are defined in Section 494A of the Companies Act 2006 and in Regulation 2 of The Statutory Auditors and Third Country Auditors Regulations 2016).

Our approach is proportionate and is supported by organising firms into appropriate tiers with differing levels of supervisory input. We reported on our findings at firms in Tier 1, which audit the majority of UK PIEs, in July 2023.

Only 38% of the Tier 2 and Tier 3 audits we inspected in 2022/23 required no more than limited improvements a further 38% required significant improvements.

Firms in Tier 2 and Tier 3 are an important and growing part of the PIE audit landscape with 27 such firms on the PIE Auditor Register as at 31 October 2023. Consistent high quality audit is of paramount importance. We also want firms to be able to increase the number and complexity of the PIEs they audit, to improve the resilience of the audit market.

Our inspection findings at Tier 2 and Tier 3 firms for the year ended 31 March 2023 (2022/23) are again unacceptable. Only 38% of audits reviewed required no more than limited improvements and a further 38% required significant improvements. While these results reflect a small, risk-based sample of audits which may not be indicative of audit quality across different individual firms, they continue to indicate an urgent need for improvements in audit quality in this sector of the market.

Disappointingly, many of our findings were in routine areas, such as the audit of journal entries and complying with archiving requirements. We also had findings in areas of greater complexity. It is of particular concern that we continue to identify findings in the audit of judgements and estimates, and going concern, both of which require audit teams to demonstrate robust professional scepticism.

Many of the themes emerging from our 2022/23 inspections of firms' systems of quality control are the same as in previous years. For example, the lack of linkage between audit quality and how auditors are rewarded, and inadequate policies and procedures to monitor and ensure compliance with ethical requirements.

Firms must listen to the audit quality messages we share and invest in their quality management systems.

All Tier 2 and Tier 3 firms must invest in and prioritise improvements in audit quality, listen to the 'what good looks like' messages we share and respond swiftly. We are encouraged by those Tier 2 and Tier 3 firms whose leaders demonstrate a clear commitment and strategy to improve audit quality. This includes investing in their audit methodology, human resources and audit quality functions, learning from things that went wrong or went well, and seeking to embed a culture that recognises and prioritises audit quality.

Our intensive supervision work at certain Tier 1 firms is resulting in improvements to audit quality and we are continuing to strengthen our supervision of Tier 2 and Tier 3 firms. We have developed a comprehensive, co-ordinated and proportionate supervision strategy involving relevant teams across the FRC. This strategy is focused both on holding firms to account to improve audit quality and fulfilling our responsibilities as an improvements regulator.

We are doing more to help firms improve through initiatives such as the Audit Firm Scalebox which launched this year.

In December 2022 we introduced our PIE Auditor Registration regime. This allows us to impose or agree measures on the registration of firms where we have quality concerns. In total, Conditions or Undertakings have been placed on the registrations of over 30% of PIE audit firms. One of the most common Conditions imposed is to require FRC approval prior to accepting new PIE audits, meaning that we can limit the growth of a firm's PIE audit portfolio. Other Conditions relate to improving aspects of a firm's system of quality management. Conditions of this nature help a firm understand where it needs to improve. We support a firm through this process by reviewing and providing constructive feedback on the actions it is taking.

Other tools by which we hold firms to account include:

Requiring firms to take robust actions in response to inspection and other findings and monitoring the implementation of those actions. A key development in this area will be our forthcoming inspections of firms' quality management systems under ISQM (UK) 1¹. This will include reviewing how firms have responded to deficiencies identified in their own annual evaluation.
Delivering assertive supervision messages in our private Annual Supervisor Letters (ASL) and other engagement with firms' leadership, on the areas where their firm most needs to improve and challenging them on their responses.

Key recent initiatives and improvements regulator activities include:

Establishing the Audit Firm Scalebox to help firms develop and maintain high standards of audit quality as they enter and grow in the PIE audit market. The Audit Firm Scalebox has already provided valuable feedback to firms on what good looks like in certain audit areas.
Publishing What Makes a Good Smaller PIE Audit Firm in May 2023.
Increasing our in-person events and roundtables to share good practice in common auditing issues.

More details of the findings and observations from our inspection, registration and supervision work are set out in the following sections:

Section 2: Findings from our inspection of individual audits and quality control systems.
Section 3: An overview of PIE Auditor Registration since its launch in December 2022.
Section 4: Improvements regulator activities, including good practice insights and the Scalebox, and our forward-looking supervision approach.

All inspections 2018/19 to 2022/23: Tier 2 and Tier 3

A stacked bar chart showing the percentage breakdown of audit outcomes ('Good or limited improvements required', 'Improvements required', 'Significant improvements required') for Tier 2 and Tier 3 firms from 2018/19 to 2022/23, and an aggregate.

2018/19: Good/Limited: 2%, Improvements: 2%, Significant: 3%. Total: 7%
2019/20: Good/Limited: 2%, Improvements: 4%, Significant: 4%. Total: 10%
2020/21: Good/Limited: 6%, Improvements: 6%, Significant: 4%. Total: 16%
2021/22: Good/Limited: 2%, Improvements: 4%, Significant: 3%. Total: 9%
2022/23: Good/Limited: 5%, Improvements: 3%, Significant: 5%. Total: 13%
Aggregate: Good/Limited: 17%, Improvements: 19%, Significant: 19%. Total: 55%

All inspections 2018/19 to 2022/23: Tier 2 and Tier 3

Two pie charts illustrating the breakdown of inspection outcomes for Tier 2 and Tier 3 firms.

Tier 2 * Good or limited improvements required: 37% * Improvements required: 36% * Significant improvements required: 27%

Tier 3 * Good or limited improvements required: 24% * Improvements required: 32% * Significant improvements required: 44%

Changes to the proportion of audits in each category each year reflect a wide range of factors, including the firms inspected, the size, complexity and risk of the audits selected for review, and the scope of individual reviews. Our inspections are also informed by the priority sectors and areas of focus set out annually by the FRC.

For these reasons, and due to the small numbers of inspections at individual firms and the different firms inspected each year, changes from one year to the next cannot be solely relied upon to provide a complete picture of audit quality across Tier 2 and Tier 3 firms. Year-on-year changes are not necessarily indicative of any overall change in audit quality.

Any inspection cycle with audits requiring more than limited improvements is a cause for concern and indicates the need for relevant firms to take action to achieve the necessary improvements.

Refer to Appendix 2 for more information on our inspection approach and Appendix 3 for the firms in Tier 2 and Tier 3 for 2022/23. ²

	Number of Tier 2 and Tier 3 firms	Number of Tier 2 and Tier 3 audits in FRC scope³	% of audits by Tier 2 and Tier 3 firms	Tier 2 and Tier 3 firms inspected	Completed inspections of audit files	Inspections of firms' quality control procedures
2023/24 (provisional)	29	346	17%	12	15	2
2022/23	29	247	13%	11	13	7
2021/22	22	182	9%	7	9	6
2020/21	27	146	7%	10	16	8
2019/20	29	162	7%	6	10	5
2018/19	31	155	7%	4	7	4

2022/23 Tier 2 and Tier 3 firm data:

Five large numerical indicators show data for Tier 2 and Tier 3 firms. * Number of firms: 29 * Total fee income £'m: 1,085 * Total audit fee income £'m: 389 * PIE audit fee income £'m: 19 * % of total PIE audit fee income: 1.7% * Responsible Individuals: 517

Below these numbers, a visual indicates "Tier 2" and "Tier 3" labels without specific data points in this section.

Auditor changes for entities with main market listed equity

A stacked bar chart illustrating the distribution of auditor changes for entities with main market listed equity from 2018 to 2022, categorized by the tiers of the firms involved.

Year	Total	Within Tier 1	Within Tiers 2 and 3	From Tier 1 to Tiers 2 or 3	From Tiers 2 or 3 to Tier 1
2022	50	(bar segment)	(bar segment)	(bar segment)	(bar segment)
2021	42	(bar segment)	(bar segment)	(bar segment)	(bar segment)
2020	59	(bar segment)	(bar segment)	(bar segment)	(bar segment)
2019	62	(bar segment)	(bar segment)	(bar segment)	(bar segment)
2018	42	(bar segment)	(bar segment)	(bar segment)	(bar segment)

The x-axis ranges from 0% to 100% indicating '% of auditor changes'.

[^3] Tier 2 and Tier 3 comprise different firms over time. See Appendix 3 for the names of Tier 2 and Tier 3 firms in 2022/23 and certain changes in tiers for 2023/24. The number of firms includes firms that have entered or exited FRC scope during a year. [^4] Data held by the FRC as at 31 December in the previous calendar year for firms in scope at that date. [^5] FRC-scope audits comprise PIEs, Lloyd's Syndicates and UK incorporated AIM-listed entities with a market capitalisation in excess of €200m. [^6] The FRC's 2023 edition of Key Facts and Trends in the Accountancy Profession supplemented by firms' Transparency Reports and other sources. Responsible Individual data not available for six firms and fee data not available for seven firms in Tier 3. [^7] Source: Auditor data from Auditor Analytics' Auditor Changes Database for each calendar year; Main market listed equity constituents as at 31 December 2022.

Our supervisory approach

Our supervision of PIE audit firms sits at the heart of the audit and regulatory ecosystem. Our supervision teams work closely together and with other FRC teams to develop a deep understanding of where audit quality needs to be improved and hold firms to account for delivering those improvements.

How we supervise PIE auditors

The diagram illustrates the interconnected processes involved in supervising PIE auditors.

Core Activities: * Audit Quality Review (AQR) Inspections: * Involve risk-based selection of audits to review. * Leads to "Audits reviewed". * Results in "Quality assessment given - findings and good practice reported to the audit firm and audit committee chair". * AQR findings feed into broader supervision initiatives including thematics, audit firm scalebox initiative, and public reporting.

Integrated Management System (AMS): * ISQM and Ethical Standard: Directly links to "Annual review of firms quality management systems". * Risk management and resilience * Cross-firm thematic work: Leads to "Operational separation". * Culture and Conduct * Audit Firm Governance Code requirements

Audit Firm Supervision (AFS): * Audit firm scalebox * PIE auditor registration * Review of audit strategy and firm's audit quality plans * Annual Supervisor Letter to firms * Other supervisor activities * Risk reporting protocol * Pre-appointment meetings * Frequent information gathering exercises

Engagement Framework: * Regular meetings as part of our 'Engagement Framework'. * Tier 1 meetings: twice yearly. * Tier 2 meetings: reduced programme of meetings. * Engagement with audit firms and audit committee chairs on individual inspection reports.

Public Reporting: * Annual Tier 1 firm public report. * Audit thematic reviews and other public reports. * Tier 1 Overview Report. * 'What makes a good...' series. * Tier 2 and Tier 3 firm public report. * Key findings and good practice points.

Enforcement Process: * Constructive engagement * Referrals: Leads to "Case assessment". * Enforcement * Horizon scanning * No further action * Audit quality action plans

Key: * Joint AFS and AMS * Reporting * Enforcement

2. Inspection of individual audits and quality control systems

Summary

Of the 13 inspections of audits conducted by Tier 2 and Tier 3 firms that we completed during 2022/23:

Five (38%) were assessed as requiring no more than limited improvements, a minor improvement on the 36% average in this category over the period 2016/17 to 2021/22.
A further five (38%) were assessed as requiring significant improvements, the highest in this category since 2019/20.

Average inspection results have not improved and this year more audits were found to require significant improvements.

These percentages should be treated as indicative, given the small sample, that different firms and audits are inspected every year, and that the results of individual firms may vary. However, the overall results of our inspections for this year continue to indicate an urgent need for improvements in audit quality in this sector of the market.

Common findings in the 2022/23 inspection cycle

A stacked bar chart showing the number of 'Key findings' and 'Other findings' across different audit areas for the 2022/23 inspection cycle.

	Key findings	Other findings
Estimates and judgements	6	4
Journal entry testing	7	2
Going concern	5	0
Revenue	2	2

The y-axis ranges from 0 to 10.

Our key inspection findings this year were common across the period and largely consistent with previous years, with the significant majority relating to the audit of:

Judgements and estimates, reflecting that complex and judgemental audit areas require audit teams to exercise robust professional scepticism in their audit response.
Going concern, with weaknesses in the rigour of the audit work and the challenge of the underlying evidence provided by management.
Journal entry testing, including the lack of linkage to the presumed fraud risk of management override of controls.

Weaknesses in firms' related quality control procedures, such as shortcomings in the reviews of audit work performed by Engagement Partners and/or Engagement Quality Control Reviewers, were contributory factors to the deficiencies noted in the audit work performed. However, we did see a reduction in the number of findings in the audit work over inventory and the financial statements.

The audit quality monitoring activities conducted on Tier 2 and Tier 3 firms' non-PIE audits by the Recognised Supervisory Bodies (RSBs) continue to show an improving trend with 76% of audits reviewed in 2022/23 being assessed as good or generally acceptable (refer to Appendix 1). These results may reflect the lower complexity of these non-PIE audits or differences in the scope of the review. The FRC supervises and reviews the RSBs audit quality monitoring activities and reports annually on this to the Secretary of State.

Our 2022/23 reviews of Tier 2 and Tier 3 firms' quality control procedures³ also found similar themes to previous years with actions required by firms in:

Developing competency frameworks for audit partners and staff, and improving links between audit quality and reward.
Improving procedures for archiving audit files in line with the requirements of auditing standards.
Establishing adequate procedures to monitor compliance with ethical standards, in particular regarding non-audit services and fees.
Formalising acceptance and continuance procedures for audit engagements.
Improving the depth and rigour of firms' internal quality monitoring procedures, including processes to follow up and remediate findings.

Review of individual audits

The following themes reflect the most common areas of inspection findings that drove our assessment of audits requiring improvements or significant improvements.

Estimates and judgements

We had findings in this area on 77% of the audits we inspected (previous report: 60%), more than half of which were assessed as requiring improvements or significant improvements. Similar to our previous inspection cycles, many of our key findings were as a result of audit teams not demonstrating sufficient professional scepticism, which is essential for an appropriately robust audit of these areas, given the significant levels of management judgement and the potential for bias.

Estimates and judgements – examples of key findings

Expected Credit Loss (ECL) provisions: Weaknesses in the audit procedures performed to test the methodology, assumptions and data inputs used in ECL calculations, including in relation to significant increase in credit risk criteria and macro-economic and other overlays.

Investment valuation: Insufficient audit procedures to challenge the accounting treatment for unlisted investments, and to test management's valuation of these investments.

Impairment: Weaknesses in audit procedures performed to corroborate and challenge cash flow forecasts used in management's impairment assessment of intangible assets.

It is imperative that audit teams demonstrate the appropriate level of professional scepticism in their audit work.

Going concern

We had findings in this area in 38% of the audits we inspected (previous report: 37%), all of which were assessed as requiring improvements or significant improvements. Going concern continues to be an area of particular challenge for audit teams, with several of the entities we inspected experiencing financial difficulties. Many of our findings were linked to weaknesses in the rigour of the underlying going concern assessments and supporting evidence provided by management. It is vital that audit teams exercise appropriate professional scepticism when assessing and challenging management's assessment of going concern.

Going concern continues to be an area of particular challenge for audit teams.

Going concern – examples of key findings

Insufficient procedures to test cash flow forecasts and to assess the impact of related sensitivities in the going concern model.

Inadequate procedures to evaluate the impact of breaches of loan covenants during the reporting period on the continued availability of cash resources from financing arrangements.

Insufficient procedures to assess the refinancing of debt, in a case where this was a key assumption in management's going concern assessment.

Journal entry testing

We had findings in this area on 69% of the audits we inspected (previous report: 31%), of which the majority were assessed as requiring improvements or significant improvements. The increase in the number of audits with findings in this area reflected our inspection focus on fraud and on the audit of journal entries as a key response to the fraud risk of management override of controls. Many of the findings that we identified related to weaknesses in the planned audit approach and the linkage of this to the audit team's fraud risk assessment. The design of the audit approach and executed procedures should be appropriately robust and responsive to the potential fraud risks identified.

Journal entry testing is a key audit procedure and must respond to the presumed fraud risk of management override of controls.

Journal entry testing – examples of key findings

Weaknesses in the fraud risk assessment performed by the audit team, which informed the selection of journals for testing.

Insufficient or no procedures performed to test journals that were identified as meeting fraud risk criteria.

Insufficient procedures to test the completeness of journal entry listings obtained from management.

Other findings resulting in lower quality assessments

Key findings in the following areas also supported the lower quality assessment of individual audits:

Revenue: On two audits we inspected, insufficient procedures had been performed to respond to audit risks identified related to revenue accuracy, completeness and/or cut-off.
Accounting errors: On an audit that we assessed as requiring significant improvements, inadequate procedures had been performed to assess the accounting treatment for an acquisition occurring during the period. As a result, a material accounting error was not identified by the audit team.

What good looks like

Examples of good practice we observed in 2022/23

On one audit, the effective use of bespoke data analytic tools as part of a robust audit approach over lease accounting.

On another audit, the engagement of specialists to support the audit team's evaluation of management's going concern assessment and related financial statement disclosures.

Audit teams are encouraged to refer to the What Makes a Good Audit publication which includes best practices observed during inspections.

Review of quality control procedures

Approach to reviewing a firm's quality control procedures

During 2022/23, we inspected the quality control procedures at seven (out of 11) firms inspected. Our inspection programme covered each area set out in International Standard on Quality Control (UK) 1 (ISQC (UK) 1): leadership, compliance with ethical requirements, acceptance and continuance procedures, human resources, engagement performance and monitoring. As well as reviewing a firm's system of quality control, we also evaluate samples of the application of individual policies and procedures (usually as part of the review of individual audits). For 2022/23, we performed our inspection based on the policies and procedures the firm had in place on 30 September 2022.

The following themes reflect our most common inspection findings.

Human resources

We had findings across the human resources component of ISQC (UK) 1 at all seven of the firms inspected, with numerous key findings at the majority of firms. Recruitment, performance management and reward processes are key to creating and maintaining a culture and environment that supports high quality audits.

Recruitment, performance management and reward processes are key to creating and maintaining a culture and environment that supports high quality audit.

Human resources – examples of key findings

Lack of a formalised appraisal process for partners in the audit practice.

Where a formalised appraisal process was in place, the lack of linkage between audit quality and reward.

Lack of a competency framework for staff and partners in the audit practice.

Engagement performance

We had findings in this area at five of the seven firms inspected. Many firms do not have formalised procedures to lock down and appropriately archive audit files in line with the requirements of auditing standards. Consequently, most of our inspections were performed on files which had not been appropriately archived. We expect firms to take immediate action to implement appropriate archiving procedures.

Engagement performance – examples of key findings

Shortcomings in processes for the archiving of audit files in line with the requirements of the auditing standards.

Insufficient measures to ensure that working papers added after the date of the auditor's report, but before the date the file was archived, are logged and the reasons for their addition are recorded.

Inadequate controls to prevent or detect inappropriate edits to an audit file after being archived (and we identified such edits in one audit).

Firms must implement formalised procedures to ensure monitoring and compliance with ethical requirements.

Compliance with ethical requirements

We had findings in this area at five of the seven firms inspected. Some firms do not have formalised procedures to deal appropriately with ethics-related matters. The FRC's Revised Ethical Standard 2019 requires additional measures to be implemented by firms over and above those required by ISQC (UK) 1.

Compliance with ethical requirements – examples of key findings

Insufficient measures to ensure ethics and independence consultations are formally completed and documented.

Inadequate processes to monitor audit and non-audit fees.

Absence of appropriate ethical walls between accounting and audit functions.

Lack of formalised processes to monitor gifts, hospitality and entertainment.

Inadequate measures to monitor and address audit partner rotation and long association.

Acceptance and continuance procedures

We had findings in this area at four of the seven firms inspected. Robust acceptance and continuance procedures are essential in ensuring that a firm's audit portfolio is within its capacity and capability to perform high quality audits.

Acceptance and continuance – examples of key findings

Lack of a policy and formal process, driven by a risk-based assessment, for accepting new clients and re-accepting existing clients.

Failure to consider appropriately factors such as staff availability, profitability and recovery rates, reputational risks, potential conflicts, requirements relating to regulated entities or the need for specialist skills.

Robust root cause analysis must be performed to understand why deficiencies occurred and enable action to be taken to prevent recurrence.

Internal quality monitoring

We had findings in this area at three of the seven firms inspected that were subject to firm quality control inspection. It is important that a firm's quality monitoring function is independent of the audit function and that appropriate root cause analysis is performed to understand how deficiencies have occurred.

Internal quality monitoring – examples of key findings

Inappropriate grading of files subject to monitoring reviews.

Failure to communicate thematic findings to the wider audit practice.

Lack of appropriate guidance on how to perform root cause analysis.

Insufficient identification of themes, which indicated that additional training or supplemental methodology guidance is required.

What good looks like

Examples of good practice we observed in 2022/23

Where a firm's leadership takes an active interest in driving audit quality, we see improvements in audit quality in the files inspected.

Firms with robust client acceptance procedures are able to make better informed decisions on resources required to perform high quality audits.

Audit firms are encouraged to focus on the implementation of ISQM (UK) 1 and ISQM (UK) 2 which came into effect on 15 December 2022.

3. PIE Auditor Registration

Summary

Our PIE Auditor Registration function was successfully launched in December 2022. At 31 October 2023, 27 Tier 2 and Tier 3 firms were on the register, up from 21 as at 5 December 2022.

Looking across all registered firms, Conditions and/or Undertakings have been applied to the registration of 13 firms, and a small number of RIs, where we have significant concerns over audit quality. Examples of Conditions we have imposed include a requirement to seek FRC permission before taking on new PIE audits and subjecting PIE audits to additional quality monitoring. In some cases, firms have been required to inform current or prospective audited entities of certain Conditions. To date, while we have not refused a registration application by a firm, two firms have withdrawn their applications following discussions with our registration team.

Our registration team works closely with our supervisor and inspection teams in monitoring how firms are responding to Conditions and Undertakings. Such firms are subject to enhanced supervision plans and may also be subject to accelerated inspection.

Tier 2 and Tier 3 PIE registered audit firms

All audit firms and RIs must register with the FRC before undertaking any PIE audit work.

All firms and Rls carrying out statutory audit work on PIEs were required to register with the FRC by 5 December 2022 under a set of transitional regulations. Thereafter, any firm that plans to take on a PIE audit or remain auditor to an entity that is to become a PIE (for example, if it obtains a listing on the London Stock Exchange), together with relevant Rls, must register with the FRC before undertaking any PIE audit work.

Between 5 December 2022 and 31 October 2023, the number of PIE registered Tier 2 and Tier 3 audit firms increased from 21 to 27.

Date	5 December 2022	31 March 2023	31 October 2023⁴
Tier 2 and Tier 3 PIE registered firms	21	26	27

The net increase of six firms reflects seven firms registering for the first time, one firm moving from Tier 1 to Tier 2 and two firms ceasing to be PIE auditors and their registration being removed.

How the PIE Auditor Registration regime enhances audit quality

The introduction of PIE Auditor Registration has allowed us to:

Assess thoroughly whether a firm or RI meets the requirements to be registered as a PIE auditor and reassess this annually or more frequently if appropriate. (The registration requirements that we assess are set out in the PIE Auditor Registration Regulations and Guidance.)

Act decisively when we identify a systemic issue at a PIE audit firm, allowing us to impose measures on a firm's or an RI's registration (see below for further details).

Make timely interventions where we have concerns as to whether an audit firm is being run in a manner that enhances audit quality.

Leverage the findings of the FRC's supervision, inspection and other teams in order to develop an enhanced knowledge of a firm and take action where required.

The PIE Auditor Registration regime enables the FRC to better safeguard and improve audit quality.

Conditions and Undertakings

Where appropriate, we hold PIE audit firms and RIs to account to address audit quality concerns through:

Conditions: restrictions or requirements put in place by the FRC to address a serious concern.
Undertakings: agreements between the FRC and a firm or RI to monitor or rectify less serious concerns.
Suspension or involuntary removal of registration.

Decisions are made on a case-by-case basis based on our assessment of the public interest, for example, the need to protect the public, uphold standards and maintain public confidence in the PIE audit market.

To date we have not published details of individual Conditions or Undertakings applied but we may do so in future based on our assessment of the public interest. In the following tables we set out an overview of the number of PIE audit firms to which Conditions and Undertakings have been applied together with examples⁵.

Measures have been applied to the registration of over 30% of all PIE audit firms.

Conditions and Undertakings	5 December 2022	31 March 2023	31 October 2023
PIE registered firms	36	41	41
Firms with Conditions⁶	5	7	9
Firms with Undertakings only	4	4	4
% of PIE registered firms with Conditions or Undertakings	25%	27%	32%

Examples of Conditions imposed

Requirement to notify: a firm must notify its existing and prospective PIE audit engagements that the firm is subject to a Condition and the nature of that Condition.

FRC approval: a firm must not accept any new PIE audit engagements without the FRC's prior approval.

Investment in quality improvements: a firm must invest in improvements to its system of quality management or audit methodology and demonstrate that it has done so, including evidence that the action taken has been effective.

Additional quality reviews: a firm must commission additional internal or external quality reviews (in-flight or cold file reviews) and submit them to the FRC.

Continuing professional development: a firm must improve its procedures for determining the continuing competence and experience of its designated PIE RIs and of all of its Principals and employees involved in PIE audits.

Examples of Undertakings agreed with firms

Audit Firm Governance Code compliance: reporting on a six-monthly basis to the FRC on enhancements to improve compliance with the Audit Firm Governance Code.

Audit methodology: reporting to the FRC on enhancements to audit methodology in a specific sector on a six-monthly basis.

Monitoring growth and quality: monitoring and reporting to the FRC on the growth of a firm's PIE audit portfolio and the improvements made to quality monitoring procedures.

Audit quality transformation plan: preparing a formal plan to transform audit quality, including measures to address resourcing gaps, improve the support for audit teams, enhance audit quality monitoring and remediation procedures, and developing an audit culture that prioritises quality.

The registration team's priorities

The PIE Auditor Registration function has now been operational for one year. The team has developed close links with other FRC and external stakeholders and developed priority areas to focus on in the second year of operation.

Key priority areas for the FRC's registration team

Close monitoring of Conditions and Undertakings imposed, including ensuring firms provide timely updates and evidence where applicable.

Monitoring market developments to ensure that the FRC has advance notice of any audit firms which may be due to fall into scope.

Working with firms to ensure that they understand and comply with the PIE Auditor Registration Regulations, including informing the FRC of relevant changes, new appointments and resignations.

Continuing to review the appropriateness and support needs of RI's allocated to PIE audits, based on the size and risk level of RI portfolios, the extent of their experience and any quality metrics.

4. Forward-looking supervision and improvements regulator activities

Summary

In 2022/23 we increased our improvements regulator activities, in particular launching the Audit Firm Scalebox to provide additional support to firms seeking to grow in or enter the PIE audit market.

Some firms have invested in their quality-focused teams but not all firms have appropriately tailored the requirements of ISQM (UK) 1 to their firms.

We also continued to enhance our forward-looking supervisory activity at Tier 2 and Tier 3 firms by allocating additional supervisory resources. This focused on engaging with firms more frequently and in greater depth on key areas. In particular, we have increased our engagement with Tier 2 firms, including conducting deep dives into certain areas of their quality management procedures and exploring how certain firms are developing their audit culture.

The implementation of ISQM (UK) 1 has been a key opportunity for Tier 2 and Tier 3 firms to develop and deliver more robust quality management procedures. Our inspection teams have begun formal inspections under ISQM (UK) 1 in 2023/24, but the high-level benchmarking work we have conducted to date reveals a wide range of implementation approaches taken by firms. Some firms, particularly in Tier 3, have not sufficiently applied and tailored the requirements of the standard to their firms. Others have invested in their quality-focused teams, including with lateral hires from larger firms, to enhance their PIE audit capability and capacity.

Improvements regulator activities

Audit Firm Scalebox

In May 2023, we launched the Audit Firm Scalebox (Scalebox), a flexible mechanism for the FRC to provide additional support to Tier 2 and Tier 3 firms and those contemplating taking on PIE audits.

The Scalebox is enabling firms to better understand the FRC's quality expectations and approach to inspection and supervision.

To date, 11 firms have joined the Scalebox and we are working with them on enhancing their understanding of the FRC's audit quality expectations for PIE audits and our approach to supervision, inspection and the PIE Auditor Registration regime.

The Scalebox has recently completed a review of a sample of working papers and methodologies in relation to the audit of revenue and going concern. Themes and good practices from this exercise have been shared with firms and will be considered for publication in due course.

We have also conducted Scalebox roundtables to help firms understand what to expect from an FRC inspection and the requirements of the PIE Auditor Registration regime. We plan to conduct further Scalebox roundtables in 2024 on topics of interest to participating firms.

What Makes a Good Smaller PIE Audit Firm

As we launched the Scalebox initiative, we also published What Makes a Good Smaller PIE Audit Firm.

The report provides an overview of what we expect firms to focus on to ensure that their audit practice is capable of performing high quality audits. This includes insights from our supervision of audit firms and areas for firms to focus on as they grow, both in terms of what they should do and things to avoid doing. It also includes a guide to how the FRC regulates PIE audit firms.

Supervisor roundtables and technical briefings

During the year we introduced our in-person technical briefing series which is open to all Tier 2 and Tier 3 firms. We also continued to host a number of roundtables. These events involved collaborative discussions where we explored examples of issues and good practices to facilitate the sharing of knowledge between firms. Topics covered included ISQM (UK) 1, revenue, cash and cash flow statements, financial services, ethics and culture.

We plan to host more roundtables and technical briefings in 2023/24 to share good practices and common findings that are identified through our inspection activity and other supervisory work. We are considering carefully how to structure these events so as to provide maximum benefit to the participants. We also survey firms to identify the topics of most interest and relevance to them and the challenges they face.

Supervisors pull together evidence on audit quality at a firm and issue the firm with a letter setting out the priority areas the firm must address.

Forward-looking supervision

How we supervise PIE audit firms is explained in Our Approach to Audit Supervision, which we updated and republished in March 2023. A key element of a Supervisor's work is pulling together evidence from a variety of sources regarding audit quality at a firm and helping the firm understand and prioritise the actions it must take to safeguard and/or improve audit quality. Approximately once per calendar year we issue all firms with an ASL which summarises the priority areas for that firm to address. We monitor the actions being taken and hold firms to account to deliver the necessary improvements. If a firm fails to deliver appropriate improvements, the FRC will take proportionate action, which may include PIE Auditor Registration measures on a firm or an RI.

The following describes the process from Annual Supervisor Letter to Holding firms to account:

Annual Supervisor Letter
Actions to address priorities
Monitoring of actions
Holding = firms to account

In this section we set out examples, mapped to elements of ISQM (UK) 1, of actions taken by firms in response to our findings and observations, as well as other good practice insights from our work.

Audit methodology and execution

Our inspection work and Constructive Engagement cases⁷ frequently find that firms must take action to improve audit methodology and execution.

Developing a professional judgement framework can assist audit teams in performing a stand-back assessment of complex matters.

Actions taken and good practices

Remedial actions taken by firms to improve the robustness and consistency of audits and how auditors' work is documented include:

Introducing a professional judgement framework to assist audit teams in performing a stand-back assessment and applying appropriate challenge to matters identified on an audit.

Introducing standardised working paper templates related to:

Going concern, which require the audit team to record systematically relevant facts, circumstances and management's assumptions, including where these have been challenged.

The use of auditor's experts, to improve how audit teams assess and document their assessment of: the competence, independence and objectivity of the expert; and, the data and assumptions used by the expert.

Engagement quality reviews⁸ which require the reviewer to document the information reviewed, their judgements regarding conclusions reached by the audit team, and resolution by the audit team of matters raised in the review.

Compliance with ethical requirements

PIE audit firms must submit six-monthly reports to the FRC of all identified breaches of the Ethical Standard. Breaches commonly reported, or identified in our inspection work, relate to the provision of non-audit services and financial interests in audited entities held by partners and staff. 18 Tier 2 and Tier 3 firms reported no breaches in the six-month period to 31 March 2023. There is a risk that these firms have not developed adequate procedures for identifying ethical breaches. We will review their procedures in this area at our next inspection visit.

18 firms reported no ethical breaches in the six months to March 2023. There is a risk that these firms have not developed adequate procedures for identifying ethical breaches.

Actions taken and good practices

Actions developed by firms to address ethical issues include:

Updating policies regarding the non-audit services a firm will provide to PIEs, in some cases the prohibition of all non-audit services.

Enhancing monitoring activities and information systems to allow central oversight of non-audit fees and the length of partners' involvement.

Improving how threats to objectivity and independence arising from non-audit services are assessed, including better documentation of judgements, such as whether the entity has informed management, the safeguards to be implemented and why they will be effective.

Acceptance and continuance

Audit firms must establish policies and procedures which enable appropriate decisions to be taken regarding the audits they undertake. We have seen examples where a firm's decision-making process fails to give adequate consideration to the risk factors related to the entity, the specific audit risks and the firm's expertise in those areas, or the need for specialist resource.

Our supervisory work has identified examples of firms not adequately considering audit risks and the firm's expertise in acceptance processes.

Actions taken and good practices

Actions developed by firms to improve their acceptance and continuance procedures include:

Requiring formal approval by an Audit Compliance Partner or risk committee for audits in specialist sectors or identified as high risk.

Piloting formal communications to audited entities on actions they must take to enhance their processes (including internal control and timely delivery of quality information to audit teams) as part of continuance decisions.

Governance, leadership and culture

High quality, reliable audit depends on well-governed, stable and resilient firms. In 2022 we issued an updated version of the Audit Firm Governance Code (the Code), which places greater emphasis on the role of firms' independent non-executives (INEs) in representing the public interest and promoting an appropriate culture. Under ISQM (UK) 1, a firm's leadership must establish a culture which demonstrates a commitment to quality. As at the date of this report, all six current Tier 2 firms have adopted or are adopting the Code. We are in the process of reviewing and providing feedback to all six firms on their compliance with the principles in the Code.

Independent non-executives play an important role in representing the public interest and promoting an appropriate culture.

Actions taken and good practices

Measures we have observed that firms can put in place to support effective governance and an appropriate culture include:

Governance

Ensuring relevant governance bodies have clear terms of reference.

Defining independence criteria for INEs, which are used to assess potential appointments, and are disclosed in Transparency Reports.

Culture

For firms that acquire or merge with other practices, ensuring an appropriate culture and a core set of behaviours and values are embedded across the enlarged firm.

Developing and embedding behaviours and values for the audit practice which relate to challenge and acting in the public interest.

Developing an effective coaching culture among engagement teams to support the development of junior team members and improve capacity at manager level to focus on supervision, direction and review.

Resources – third party service providers

Firms' human, technological and intellectual resources, including those provided by third parties and their network organisations, must enable consistent performance of high quality audits and effective operation of their quality management systems. During the year we benchmarked how Tier 2 and Tier 3 firms have approached assessing service providers under ISQM (UK) 1 and shared insights and good practices with firms.

Categorising service providers based on their significance assists the assessment and monitoring of risk, and the design of mitigating actions.

Insights and good practices

Checking supplier records assists with ensuring that a complete list of service providers is identified.

Classifying service providers into categories based on significance assists the proportionate assessment and monitoring of risk, and the design of appropriate mitigating actions.

Risk assessment

Under ISQM (UK) 1, firms must design and implement a risk assessment process to establish quality objectives, identify and assess quality risks, and design and implement responses to address those quality risks. During the year we benchmarked how Tier 2 and Tier 3 firms have approached this risk assessment and shared insights and good practices with firms.

Firms which use third-party resources for risk identification and assessment must apply appropriate tailoring.

Insights and good practices

Firms using a third-party package to assist them identify and assess risks and design responses must ensure that they tailor their approach to the firm. This includes adding additional quality objectives or responses beyond those specified in ISQM (UK) 1 where necessary.

Applying a rating to each of the identified risks can be effective in determining the appropriate level of response.

A clear plan for the periodic review of risks, including a framework of factors to consider, can help ensure that the risk assessment process is responsive to events and changing circumstances.

Monitoring and remediation

Effective monitoring and remediation processes provide relevant, reliable and timely information about the system of quality management and enable a firm to take appropriate action to address identified deficiencies. While most firms will have operated quality monitoring procedures, such as cold file reviews, ISQM (UK) 1 requires firms to investigate the root causes of deficiencies identified.

Undertaking root cause analysis on successful audits enables firms to understand and share success factors.

Actions taken and good practices

Actions taken by firms as a result of inspection and other findings, or the implementation of ISQM (UK) 1, include:

Applying additional hot or cold file reviews to specific Rls in response to previous quality findings.

Extending the audits on which root cause analysis is conducted, for example, including successful audits to understand and share the success factors.

Introducing policies and procedures to safeguard against conflicts of interest that may arise in the performance and review of root cause analysis in firms where audit partners are also responsible for undertaking the root cause analysis.

Appendix 1

Monitoring reviews by RSBs

Tier 2 and Tier 3 firms are subject to independent monitoring by their RSBs. The RSB for 25 of 29 firms listed in Appendix 3 is the Institute of Chartered Accountants in England and Wales (ICAEW), with the remaining firms monitored by the Institute of Chartered Accountants of Scotland (ICAS) and Chartered Accountants Ireland (CAI). The RSBs undertake their reviews under delegation from the FRC as the Competent Authority. They review audits outside the FRC's population of PIE and other retained audits, and accordingly their work covers private companies, smaller AIM listed companies, charities and pension schemes. The RSBs do not undertake work on Tier 2 and Tier 3 firms' systems of quality control/monitoring. This is performed by the FRC.

RSB monitoring reviews are designed to form an overall view of the quality of the audit. The RSBs assess these audits as 'good'/'satisfactory', 'generally acceptable', 'improvement(s) required' or 'significant improvement(s) required'. Files are selected to cover a broad cross-section of entities audited by the firm and the selection is focused towards higher-risk and potentially complex audits within the scope of the RSBs' review.

The frequency of an RSB review at a Tier 2 or Tier 3 firm will depend on the size and nature of the firm's audit practice, and other risk factors which include previous compliance history, but is typically between two and six years.

Summary of review findings

The RSBs' review findings for Tier 2 and Tier 3 firms are set out below.

RSB review outcomes

A stacked bar chart illustrating the outcomes of RSB reviews, categorized as 'Good/satisfactory or generally acceptable', 'Improvements required', and 'Significant improvements required', across different years from 2018/19 to 2022/23, and an Aggregate.

2018/19: Good/satisfactory: 55, Improvements: 16, Significant: 6. Total: 77
2019/20: Good/satisfactory: 43, Improvements: 7, Significant: 7. Total: 57
2020/21: Good/satisfactory: 31, Improvements: 9, Significant: 4. Total: 44
2021/22: Good/satisfactory: 41, Improvements: 14, Significant: 2. Total: 57
2022/23: Good/satisfactory: 31, Improvements: 10, Significant: 0. Total: 41
Aggregate: Good/satisfactory: 201, Improvements: 56, Significant: 16. Total: 273

The y-axis ranges from 0% to 100%.

Given the change in composition of firms inspected in a particular year, and the relatively small sample size compared to the number of audits conducted as a whole, changes from one year to the next in the proportion of audits falling within each category cannot be relied upon to provide a complete picture of performance or any overall change in audit quality.

In total, the RSBs reviewed 41 audit files at eight Tier 2 and Tier 3 audit firms in the year ended 31 March 2023. Of the audit files reviewed 76% were assessed as good/satisfactory or generally acceptable, and 24% required improvements. At three of the eight firms visited in 2022/23, the RSBs concluded that all the files reviewed were good/satisfactory or generally acceptable.

The common weaknesses leading to files that needed improvement were consistent with previous periods:

Valuation of assets, for example impairment considerations for oil and gas assets, retail stores affected by the pandemic, and pension scheme assets with related reliance on management's experts.
Audit of revenue, generally relating to revenue recognition on long-term contracts.
Aspects of group audits, including the group auditor's communication and actions to address gaps in component auditors' work.

Tier 2 and Tier 3 firms are increasingly taking on more complex non-PIE audits, where their audit teams' skills in testing operating effectiveness of controls and applying substantive analytical review are important to obtain sufficient and appropriate audit evidence. In recent years audits reviewed at Tier 2 and Tier 3 have relied heavily on substantive tests of detail. All audit firms should review their training and guidance to ensure that audit partners and staff have the appropriate skills for the effective audit of more complex businesses.

Good practice

In 2022/23, good practices identified by RSBs at Tier 2 and Tier 3 firms included:

Depth of understanding demonstrated of the group and its business risks, leading to comprehensive audit risk assessment.
Clear group audit scoping and quality of interaction with component auditors.

The RSBs observed that several Tier 2 and Tier 3 firms benefited from their audit cold file reviews (both internal and from training organisations). Actions taken included issuing revised working paper templates to address common documentation weaknesses.

Appendix 2

Our inspection approach

The FRC's inspection focus is on firms that audit PIEs, the PIE audits they conduct and their quality control systems applicable to PIE and non-PIE audits. We will usually inspect Tier 2 firms on a three-year cycle and Tier 3 firms on a six-year cycle. However, we may accelerate inspection work to address risks that we identify.

Our selection of individual audits and the areas within those audits is risk-based, to the extent possible given the limitations posed by the small number of PIE audits conducted by some Tier 2 and Tier 3 firms. Some Tier 3 firms audit only one PIE.

Our risk-based selections focus on, for example, entities which: are in a high-risk sector; are experiencing financial difficulties; have material account balances with high estimation uncertainty; or, where the auditor has identified governance or internal control weaknesses. Higher-risk audits are inherently more challenging as they will require audit teams to assess and conclude on complex and often judgemental issues, for example in relation to future cash flows underpinning assessments of impairment and going concern. Rigorous challenge of management and the application of professional scepticism are especially important in such audits.

With some adaptations to take account of the small number of PIE audits conducted by some Tier 2 and Tier 3 firms and the nature of those audits, we focus on the same sectors and audit areas as we do in our inspections at Tier 1 firms. For 2022/23 these were:

Priority sectors	Audit areas of focus
* Travel, hospitality and leisure	* Climate-related risks
* Retail	* Fraud Risk
* Construction and materials	* Cash and cash flow statements
* Gas, water and multi-utilities	* Provisions and contingent liabilities
	* Impairment of assets
	* Revenue
	* Group audits

Our inspection findings cannot be taken as a balanced scorecard of the overall quality of a firm's audit work. Our forward-looking supervision work at Tier 2 and Tier 3 firms, while less intensive than at Tier 1 firms, provides us with a greater depth of understanding of a firm's approach to audit quality and the future development of its audit quality improvement initiatives.

How we assess the individual audits we inspect

We assess each completed inspection using four categories: Good; Limited improvements required; Improvements required; and, Significant improvements required. In our public reporting we combine the first two as good or limited improvements required.

Any audit requiring more than limited improvements is a cause for concern.

How we report on the individual audits we inspect

Our inspections of individual audits focus on the quality of the audit work performed in the areas we select for review including: the sufficiency and appropriateness of the audit evidence obtained; and, the appropriateness of the key audit judgements made by the audit engagement partner and their team.

For each inspection we issue a confidential report to the audit engagement partner and the audit committee chair (or other person with equivalent governance responsibilities). This sets out the scope of our review, any key or other findings arising, the actions the firm proposes to take to address our findings, and any good practices which we identified in specific areas.

Our inspection reports distinguish between any key findings (resulting in assessment of the audit as requiring more than limited improvements) and other findings.

How we report our overall inspection findings

We privately report our overall inspection findings to each firm. We agree with the firm the actions it will take to remedy the findings from our inspection of:

The firm's system of quality control/quality management.
Individual audits.

We also report our inspection findings internally and to a firm's RSB for the purposes of decisions on a firm's audit registration.

Appendix 3

Tier 2 and Tier 3 firms

The following table sets out the firms in Tier 2 and Tier 3 for 2022/23.

Tier 2 (5)	Tier 3 (24)
Crowe U.K. LLP	Anstey Bond LLP
Haysmacintyre LLP	Beever and Struthers
MacIntyre Hudson LLP	Begbies
PKF Littlejohn LLP	Bennett Brooks & Co Limited*
RSM (UK) Audit LLP*	Bright Grahame Murray
	BSG Valentine (UK) LLP*
	CBW Audit Ltd (now Gravita Audit II Limited)
	Deloitte (NI) Ltd*
	Edwards Veeder (UK) Limited*
	Gerald Edelman LLP
	Grant Thornton (NI) LLP
	Hazlewoods LLP
	Jeffreys Henry LLP
	Johnsons Financial Management Ltd
	Johnston Carmichael LLP
	Kreston Reeves LLP*
	LB Group Ltd
	Moore Kingston Smith LLP
	Pointon Young Limited
	Price Bailey LLP
	Royce Peeling Green Limited
	RPG Crouch Chapman LLP
	Shipleys LLP*
	UHY Hacker Young LLP

Notes

Where a firm name is in bold type, the FRC inspected at least one audit file in 2022/23.
Where there is also a * next to the firm's name, the FRC also inspected the firm's quality control procedures.
Firms whose names are highlighted in white were no longer PIE audit firms by the end of 2022/23.

Changes to firms in Tier 2 and Tier 3 for 2023/24

For 2023/24, we have re-evaluated the tier of three firms as follows:

Grant Thornton UK LLP has been reallocated from Tier 1 to Tier 2.
Johnston Carmichael LLP has been reallocated from Tier 3 to Tier 2.
Haysmacintyre LLP has been reallocated from Tier 2 to Tier 3.

Firms, usually in Tier 3, may enter or exit the PIE audit market during 2023/24. For an up-to-date list of PIE audit firms, refer to the PIE Auditor Register.

Curved concrete bridge spanning a body of water in a mountainous landscape under a cloudy sky.

Financial Reporting Council 8th Floor 125 London Wall London EC2Y 5AS

+44 (0)20 7492 2300 www.frc.org.uk

International Standard on Quality Management (UK) 1. ↩
We inspected 14 audits in the current inspection cycle. Following an announcement relating to the audit work over the financial statements of one of the audits we inspected, we did not determine an overall assessment of that audit work. Accordingly, only 13 audits are included in the analysis of findings of the individual audits inspected. The inspection of the quality control procedures for the firm in question was completed and therefore any findings arising from this are included in this report, where applicable. ↩
Conducted under ISQC (UK) 1, as the standard in force up to December 2022. ↩
The total number of firms on the PIE Auditor Register as at 31 October 2023 was 41, being the 27 in Tier 2 and Tier 3 plus six Tier 1 firms, three Ireland based audit firms, two Channel Islands based audit firms and three individuals registered to undertake audits of PIEs in the name of the National Audit Office. ↩
In addition to measures imposed on PIE audit firms, undertakings have been agreed with a small number of PIE RIs. ↩
Includes firms that have an Undertaking as well as a Condition. ↩
In 2022/23, seven Tier 2 and Tier 3 firm audits that had been referred to the FRC's Case Examiner (under the Audit Enforcement Procedure) were resolved through Constructive Engagement. Further information on the Constructive Engagement process and common issues in Constructive Engagement cases is set out in the FRC's Annual Enforcement Review. ↩
Under International Standard on Quality Management (UK) 2, Engagement Quality Reviews. ↩

File

Name Tier 2 and Tier 3 Audit Firms - Audit Quality Inspection and Supervision 2022/23

Publication date 12 December 2023

Type Report

Format PDF, 3.4 MB

Download original

Tier 2 and Tier 3 Audit Firms - Audit Quality Inspection and Supervision 2022/23

File

Is this page useful?