!
Warning
The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:
- No human verification has been conducted of the converted content.
- While we strive for accuracy errors or omissions may exist.
- This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
- For the official and verified version of the publication, refer to the original PDF document.
If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].
Deloitte LLP Audit Quality Inspection and Supervision Report 2024
## Using this publication
The Financial Reporting Council (FRC) is responsible for the regulation of UK statutory auditors and audit firms. We assess, via a fair evidence-based approach, whether firms are consistently delivering high-quality audits and are resilient.
This report sets out the FRC's findings on key matters relevant to audit quality at Deloitte LLP (Deloitte or the firm). It should be used alongside the FRC's Annual Review of Audit Quality, which contains combined results and themes for all Tier 1 firms[^1] that are inspected annually.
Given our risk-based approach to selecting audits for inspection, it is important that care is taken when extrapolating our findings or assessment of quality to the whole population of audits performed by the firm. Given the sample sizes involved, changes from one year to the next cannot, on their own, be relied upon to provide a complete picture of a firm's performance.
This report also considers other wider measures of audit quality, such as results of audit inspections completed by the Institute of Chartered Accountants in England and Wales (ICAEW) and results from the firm's own internal quality reviews. The firm's response to the findings and the actions it plans to take as a result are included on page five and Appendix B.
This report is for general use by interested parties. However, we expect the following:
- Deloitte to use this report and its peers' reports to facilitate continuous improvement through actions in its Single Quality Plan (SQP).
- Other audit firms of all sizes to use this report for examples of good practice.
- Audit Committees to use this report to help them assess the quality of their audit/auditor and when appropriate as part of the process of appointing a new auditor.
- Investors to use this report in making assessments about the quality of audit, transparency and accountability in the relevant markets.
Throughout this report, the following symbols are used:
- KEY FINDING: Represents a key finding where the firm must take action to improve audit quality.
- GOOD PRACTICE: Represents examples of good practice we identified in our supervision, and we encourage other firms to consider applying these if appropriate to their circumstances.
- OBSERVATION: Represents an observation relating to the firm's initiatives to improve audit quality.
<blockquote markdown="1">
**Our Supervisory Approach**
The audit supervisory teams in the FRC's Supervision Division work closely together to develop an overall view of the key issues for each firm to improve audit quality. We also collaborate to develop our future supervision work.
</blockquote>
Further details on our approach to Audit Supervision can be found here. We also publish a separate inspection report on the quality of major local audits, the latest version of which can be found here and was published in December 2023.
[TOC]
The FRC does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.
The Financial Reporting Council Limited 2024
The Financial Reporting Council is a company limited by guarantee.
Registered in England number 2486368. Registered Office:
8th Floor, 125 London Wall, London EC2Y 5AS
## 1. Overview {: #section-1 }
### Overall assessment
Deloitte has continued to respond positively to and has made good progress on actions to address our previous findings. This has resulted in improvements which are reflected across the audit inspections. The firm remains focused on its audit priority areas, including audit culture, where the firm has been proactive at incorporating some new ideas and approaches.
It is important for Deloitte to develop and enhance its monitoring activities to ensure that the firm's quality management processes are sufficiently robust.
#### Audit quality inspections
The percentage of audits inspected by the FRC requiring no more than limited improvements was 94%, which shows a continued improvement on the prior year. The equivalent results for FTSE 350 audits inspected was 100%. One of the audits we inspected was found to require significant improvements. The findings that contributed most to this year's inspection results related to the audit of impairment assessments. We have previously identified key findings and examples of good practice in this audit area. The firm should review the effectiveness of its actions to ensure greater consistency.
The overall results profile for inspections by the ICAEW was 100% classified as good or generally acceptable (page 11). The firm's internal quality monitoring results (Appendix A) show a year-on-year improvement.
#### Firm's system of quality management (SoQM)
Deloitte has implemented ISQM (UK) 1, including monitoring and remediation processes, and completed its first annual evaluation of its SoQM. Deloitte has invested considerable effort into implementing its new system. The firm has already begun the iterative process of improving and refining it, including in response to our feedback. The firm needs to strengthen aspects of its SoQM, including certain elements of monitoring processes, and enhance its evidencing of its SoQM, especially its monitoring and annual evaluation processes.
<div class="chart-description" markdown="1">
**Regulatory audit inspection results at Deloitte**
**% of audits inspected by the FRC requiring no more than limited improvements (Section 2)**
| Year | % |
| :-------- | :-- |
| 2023/24 | 94% |
| 2022/23 | 82% |
| 2021/22 | 82% |
| 2020/21 | 79% |
| 2019/20 | 76% |
*Annotation:* 1 audit inspected by the FRC in 2023/24 required significant improvements.
</div>
<div class="chart-description" markdown="1">
**% of audits inspected by the ICAEW classified as good / generally acceptable (Section 2)**
| Year | % |
| :--- | :-- |
| 2023 | 100% |
| 2022 | 100% |
| 2021 | 80% |
| 2020 | 90% |
| 2019 | 90% |
</div>
<div class="table-container" markdown="1">
| FRC's firm-wide areas of focus (Section 3) | Good practice | Key finding |
| :------------------------------------------------------- | :------------ | :---------- |
| **Area** | | |
| International Standard on Quality Management (UK) 1 (ISQM (UK) 1)[^2] | ✓ | ⬤ |
| Compliance with the FRC's Revised Ethical Standard 2019 | | ⬤ |
| ISQC (UK) 1: Training and methodology | ✓ | |
</div>
### Firm and FRC actions
<blockquote markdown="1">
**Deloitte's response**
Audit quality shapes our vision of the business we want to be, driving our priorities and defining our successes.
We are proud that the results of our FRC inspections show that 94% (2022/23: 82%) of our public interest audits were rated as 'good' or 'limited improvements' and that 100% (2023: 100%) of our audits reviewed by the ICAEW's QAD were assessed as good or generally acceptable. These sets of results reflect the continuous investment we are making and our commitment to acting in the public interest to deliver confidence and trust in business through our high-quality audits.
We recognise we still have more we want to do to ensure that we consistently meet the high standards we expect of ourselves. We take inspection, system of quality management (SoQM) and supervision focus areas seriously and place a significant level of resource and effort into understanding how we continually improve going forward. We have performed root cause analysis for all findings, including areas of good practice. Our root causes analysis identified the following factors which contributed to inspection outcomes:
- Mindset and critical thinking, including assumed knowledge;
- Depth and timeliness of direction, supervision or review; and
- Skills and knowledge (including seniority and relevant experience of the team members working on complex areas).
Further detail is provided in Appendix B.
We value the observations raised by both the FRC Supervision teams and the QAD, both in identifying areas for improvement and also the ongoing focus on sharing good practice to drive further and continuous improvement.
</blockquote>
<blockquote markdown="1">
**Deloitte's actions**
In response to FRC observations, we will or have already taken the following actions (please see Appendix B for further detail):
- Impairment and other valuations – enhancements to impairment specialist consultation approach and issue of further guidance materials to promote greater consistency;
- Data relied on for audit purposes – enhancements to existing guidance and template updates;
- ISQM (UK) 1 – enhancements to monitoring activities and the evidencing of the procedures performed, particularly in the areas of evidencing scope of testing and aggregation judgements; and
- Ethics and Independence – enhancements to guidance and templates, increased coverage in our monitoring of gifts and hospitality, conflict management system enhancements in relation to UK PIEs and additional engagement level procedures on approval of non-audit services whilst further developments are implemented to global conflict and approvals systems.
</blockquote>
<blockquote markdown="1">
**FRC's actions**
In response to this year's findings, we will take the following action:
- Continue our inspection of completed audits and how the firm is developing its SoQM, including in response to our findings.
- Maintain our supervision of the firm's SQP and use it to monitor the actions taken to improve audit quality and their effectiveness. This will include audit quality initiatives relating to audit culture, the scope of the Continuous Improvement Group, resourcing and certain independence matters (including the approval of non-audit services).
- Understand and assess the enhancements made to aspects of the firm's internal monitoring and evaluation processes.
</blockquote>
## Deloitte LLP – at a glance
## 2. Review of individual audits {: #section-2 }
### Our assessment of the quality of Deloitte audits reviewed – All
We reviewed 17 individual audits this year and assessed 16 (94%) as requiring no more than limited improvements. The results show continued improvement from prior years.
### FTSE 350
Of the ten FTSE 350 audits we reviewed this year, we assessed ten (100%) as achieving this standard. The results are a significant improvement on the prior year.
<div class="chart-description" markdown="1">
**Bar chart showing quality of Deloitte audits reviewed (All) 2019/20 - 2023/24**
The chart displays the percentage of audits falling into three categories: "Good or limited improvements required", "Improvements required", and "Significant improvements required".
| Year | Good or limited improvements required (%) | Improvements required (%) | Significant improvements required (%) | Total Audits (Count) |
| :-------- | :---------------------------------------- | :------------------------ | :------------------------------------ | :------------------- |
| 2019/20 | 76% (13) | 18% (3) | 6% (1) | 17 |
| 2020/21 | 79% (15) | 21% (4) | 0% (0) | 19 |
| 2021/22 | 82% (14) | 18% (3) | 0% (0) | 17 |
| 2022/23 | 82% (14) | 18% (3) | 0% (0) | 17 |
| 2023/24 | 94% (16) | 0% (0) | 6% (1) | 17 |
</div>
<div class="chart-description" markdown="1">
**Bar chart showing quality of FTSE 350 audits reviewed 2019/20 - 2023/24**
The chart displays the percentage of FTSE 350 audits falling into three categories: "Good or limited improvements required", "Improvements required", and "Significant improvements required".
| Year | Good or limited improvements required (%) | Improvements required (%) | Significant improvements required (%) | Total Audits (Count) |
| :-------- | :---------------------------------------- | :------------------------ | :------------------------------------ | :------------------- |
| 2019/20 | 90% (9) | 10% (1) | 0% (0) | 10 |
| 2020/21 | 70% (7) | 30% (3) | 0% (0) | 10 |
| 2021/22 | 90% (9) | 10% (1) | 0% (0) | 10 |
| 2022/23 | 80% (8) | 20% (2) | 0% (0) | 10 |
| 2023/24 | 100% (10) | 0% (0) | 0% (0) | 10 |
</div>
The audits inspected in the 2023/24 cycle included above had year-ends ranging from September 2022 to April 2023. Changes to the proportion of audits falling within each category reflect a wide range of factors, including the size, complexity and risk of the audits selected for inspection and the individual inspection scope. Our inspections are also informed by the priority sectors and areas of focus as announced annually. For these reasons, and given the sample sizes involved, changes from one year to the next cannot, on their own, be relied upon to provide a complete picture of a firm's performance and are not necessarily indicative of any overall change in audit quality at the firm. Given our risk-based approach, it is important that care is taken when extrapolating our findings or assessment of quality to the whole population of audits performed by the firm.
Any inspection cycle with audits requiring more than limited improvements indicates the need for a firm to take action to achieve the necessary improvements.
We set out below the **key findings** in areas where, based on our inspections, we believe improvements in audit quality are required. These findings may also include those on individual audits assessed as requiring limited improvements, due to the extent of occurrence across the audits we inspected.
<div class="table-container" markdown="1">
| Key findings | Why it is important |
| :-------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Improve the audit of impairment assessments and other valuations supported by discounted cash flow forecasts. | Auditors should adequately assess and challenge management's evaluation of impairment and other similar valuations, as these often involve significant judgement and can be subject to management bias or error. |
| Strengthen testing of the completeness and accuracy of data that is relied upon for audit purposes. | Auditors should perform appropriate procedures to assess the reliability of data used by management, as the completeness and accuracy of this is essential to ensure the accuracy of numbers in the financial statements. |
</div>
Further details of the above key findings are set out on the following pages, including the number of audits where we raised findings in these areas.
### Improve the audit of impairment assessments and other valuations supported by discounted cash flow forecasts
We inspected the audit of impairment of non-current assets and/or acquisition valuations supported by discounted cash flow forecasts on twelve audits and raised findings on five of them, including one assessed as requiring significant improvements.
- **Modelling accuracy:** The audit team did not adequately evaluate and challenge the model methodology and failed to identify a material factual error in the impairment model.
- **Cash flow forecasts:** On five audits, insufficient procedures were performed to evaluate and challenge growth assumptions in the cash flow forecasts that supported impairment assessments or acquisition valuations.
### Strengthen testing of the completeness and accuracy of data that is relied upon for audit purposes
We inspected the audit procedures performed over the reliability of data prepared by the entity on all audits where such data was a significant input to audit procedures in the areas scoped for inspection. We raised related findings on five audits.
- **Completeness and accuracy of data:** Four audit teams performed insufficient audit procedures to test the completeness and accuracy of data inputs into models that supported accruals, provisions or impairment assessments. One other audit team performed insufficient procedures to test the completeness and accuracy of data supporting revenue data analytics.
We also identified **good practice** in the audits we reviewed, including:
#### Risk assessment and planning
- **Robust risk assessment procedures:** We identified several examples of robust risk assessments at the audit planning stage. One audit team engaged fraud specialists to assist in the fraud risk assessment and audit response to identified risks, while another team demonstrated a high-quality assessment against the requirements of the revised ISA 315. Another team responded to a group's evolving circumstances by increasing the internal risk rating and scope of the audit, reducing materiality levels and reliance on controls, and engaging fraud and regulatory specialists.
#### Execution
- **Effective group audit oversight:** We inspected a number of audits of large, complex groups where the group audit team demonstrated a high standard of oversight of, and involvement with, component auditors. These audits included examples of comprehensive scoping assessments, a high-quality of reporting from component teams and extensive evidence of the audit team's interactions and discussions with component teams throughout the audits.
- **Contract accounting:** On one audit, there was comprehensive evidence of the audit team's evaluation and challenge of contract accounting and consideration of possible management bias. On another audit, the audit team evidenced detailed corroboration of the key inputs to contract accounting and effective challenge of management's forecasting accuracy.
- **Robust audit procedures, supported by effective use of specialists:** We observed several examples of robust audit procedures and challenge of management supported by the effective use of specialists by audit teams. These included assessment of assumptions and key inputs supporting the valuation of assets and impairment reviews, and the assessment of insurance provisions.
- **IT audit procedures:** On one audit, there was a robust response to specific risks relating to data migration. On another audit, the IT specialists performed a high standard of procedures to assess the completeness of IT systems (and related user accounts) covered by the entity's privileged access management and activity monitoring tools.
#### Completion and reporting
- **Reporting to the Audit Committee:** The reporting to Audit Committees on the audits we inspected was typically of a good standard. On one audit, the audit team's report to the Audit Committee included comprehensive details of challenges raised on individual investments.
## Monitoring review results by the Quality Assurance Department of ICAEW
ICAEW undertakes independent monitoring of the firm's non-PIE audits, under delegation from the FRC as the Competent Authority. ICAEW's work covers private companies, smaller AIM listed companies, charities and pension schemes. The FRC is responsible for monitoring the firm's firm-wide controls and ICAEW additionally reviews Continuing Professional Development records for a sample of the firm's staff involved in the audit work within ICAEW remit.
Overall the audit work reviewed was of a good standard. All ten files were either good or generally acceptable with no significant issues arising.
A detailed report summarising the audit file review findings and any follow-up action proposed by the firm will be considered by ICAEW's Audit Registration Committee in July 2024.
<div class="chart-description" markdown="1">
**Bar chart showing Monitoring review results by the Quality Assurance Department of ICAEW 2021-2023**
The chart displays the number of audits falling into three categories: "Significant improvement required", "Improvement required", and "Good/generally acceptable".
| Year | Good/generally acceptable (Count) | Improvement required (Count) | Significant improvement required (Count) | Total Audits (Count) |
| :--- | :-------------------------------- | :--------------------------- | :--------------------------------------- | :------------------- |
| 2021 | 8 | 2 | 0 | 10 |
| 2022 | 10 | 0 | 0 | 10 |
| 2023 | 10 | 0 | 0 | 10 |
</div>
<blockquote markdown="1">
**Good practice**
ICAEW identified good practice across all of the files reviewed. Examples included:
- Robust work over revenue which was well executed to address all relevant assertions and identified risks.
- Involvement with component auditors including review, supervision, and documentation.
- Good documentation of journal selection rationale and specific journal testing performed.
</blockquote>
ICAEW assesses audit quality as 'good', 'generally acceptable', 'improvement required', or 'significant improvement required'. File selection is focused towards higher risk and more complex audits. Given the sample size, changes from one year to the next cannot be relied upon to provide a complete picture of a firm's performance or overall change in audit quality.
## 3. Review of the firm's system of quality management {: #section-3 }
In this section, we set out the key findings and good practice identified in our review of the firm's system of quality management (SoQM). ISQM (UK) 1 replaced the quality control standard (ISQC (UK) 1), which firms had been applying for many years, and introduced a fundamental change for firms' quality management approaches. Deloitte has invested considerable effort in implementing and operating the ISQM (UK) 1 requirements and has responded positively to our feedback.
2023/24 was a transitional inspection cycle covering both standards (details of our new ISQM (UK) 1 & 2 rotational testing can be found here). A glossary of some key ISQM (UK) 1 terms can be found in Appendix C.
### ISQM (UK) 1 - Risk Assessment, Governance and Leadership, Acceptance and Continuance, Monitoring and Remediation and Annual Evaluation
We reviewed the firm's implementation of ISQM (UK) 1, focusing on its risk assessment processes and completeness of risks, the design and implementation of responses to mitigate quality risks in the Governance and Leadership and Acceptance and Continuance components, and the design of monitoring procedures over these responses and the attainment of the firm's quality objectives.
We also reviewed a small sample of the monitoring procedures performed to assess the operating effectiveness of responses. This sample focused on responses containing significant elements of judgement, such as management review controls. We reviewed the process, evidence, and outcome for the firm's annual evaluation of its SoQM. This included how other sources of information on audit quality and the firm's SoQM were considered, and how matters were aggregated. We did not independently perform, or reperform, the firm's overall annual evaluation.
As ISQM (UK) 1 is focused on how firms achieve iterative improvement, we considered how the firm is developing its SoQM, including in response to the findings we shared during the inspection period. Our inspection findings in this area are reflective of our assertive and forward-looking approach as we seek to support firms in their development of effective, proportionate SoQMs.
#### Key findings
- **Completeness of quality risks:** The firm did not sufficiently justify how its quality risks were complete, as it excluded risks that related to engagement teams not following the firm's policies and processes.
- **Responses to quality risks:** In some instances, the firm's response descriptions did not sufficiently articulate how the response, or combination of responses, act to fully mitigate the risk. There were also inconsistencies in how robustly the firm assessed that responses were effectively designed.
- **Monitoring:** Assessment of responses to quality risks: The firm used a risk-based approach for scoping its sample testing of the operating effectiveness of responses. The firm did not sufficiently evidence the basis for this scoping. Additionally, in the small sample reviewed, for the monitoring of the elements of responses with high levels of judgement, the firm did not consistently demonstrate how a robust review was performed.
We understand the firm is undertaking an improvement programme to address these findings.
#### Insufficient evidence of certain monitoring procedures underpinning the annual evaluation
The firm did not sufficiently evidence how it performed certain monitoring procedures to support its annual evaluation. Specifically:
- How the firm assessed if the root causes identified on emerging audit inspection findings and ethics breaches could give rise to SQM deficiencies (individually or in aggregate);
- How the firm performed its process to assess the aggregation of matters relevant to its SQM;
- How business process owners monitored their SoQM areas, including the effective operation of all responses, identification and assessment of emerging issues and other relevant information;
- How senior leadership reviewed and challenged the basis for the annual evaluation, including assessing the completeness of deficiencies identified; and
- How the firm assessed the severity of a deficiency, including through consideration of the severity and extent of the linked quality findings and the extent of the remedial actions already taken.
From discussions with the firm, we understand it is already undertaking procedures to improve the evidencing of these judgemental processes.
#### Good practice
- The firm demonstrated examples of robust design assessments of responses, with analysis of a wide range of design factors.
- The firm has a triannual self-assessment process by business process owners, which includes a robust range of assessment prompts. This regular iteration of the firm's risk assessment helps ensure timely identification of changes and emerging issues.
- The monitoring templates used to perform sample testing over the operating effectiveness of responses are comprehensive and clearly structured. This supports consistent identification of the granular elements of the response that need to be monitored and identifies what needs to be assessed in respect of each.
### Relevant ethical requirements - Compliance with the FRC's Revised Ethical Standard 2019
In the current year, we evaluated the firm's compliance with the Ethical Standard. We focused our work on non-audit services. Our targeted sample testing included: checking for the provision of prohibited services; reviewing independence threats and safeguards assessments; and evaluating the completeness of independence reporting made by component auditors to the group auditors.
#### Key findings
- **Gifts and hospitality:** The firm requires gifts and hospitality relating to restricted entities, that are not clearly trivial and inconsequential, to be pre-approved and reviewed by a central team. The team also performs monitoring through sample testing of completed requests. In the quarter we reviewed, only three out of 25 items related to restricted entities, making it unclear how this limited sample would be effective in identifying relevant breaches.
- **Threats and safeguards assessments:** The firm did not perform robust assessments before approving new and reoccurring non-audit services for four out of 38 items we reviewed. In addition, for one evolving service, the firm did not have clear safeguards as to what would trigger re-assessment.
- **Approvals for non-audit services:** We continue to monitor whether the UK firm has sufficient assurance that network firms are adhering to the global policy which requires them to obtain all relevant approvals for non-audit services from UK audit partners, which was raised in the previous year as a key finding. Furthermore, aspects of the global conflict management system need to be enhanced to consistently identify where non-audit services are linked to UK PIEs.
### ISQC (UK) 1: Training and methodology
Given the transition to ISQM (UK) 1 we performed our final supervision of training and methodology under ISQC (UK) 1. We reviewed the firm's processes for identifying methodology updates and training needs. We also considered how the methodology updates and training were then designed, approved, and communicated to the audit practice. We paid specific attention to revisions following changes to ISA (UK) 240 and ISA (UK) 315. We also reviewed the firm's training processes, including monitoring attendance and evaluation of learning objectives. No key findings were identified at the firm.
#### Good practice
- Prior to promotion to manager, all assistant managers are subject to a working paper review exercise to assess potential areas where the staff member may require additional training.
- The firm seeks regular feedback from its overseas delivery teams through surveys and focus groups, covering all grades, to identify the training needs for these staff.
- The firm requires all teams to complete team-based training on key topics to ensure key messages delivered to qualified staff are communicated and discussed with junior staff.
Our SoQM inspection work is undertaken on a risk-focused, cyclical basis. This is supported by targeted thematic work on particular aspects of firms' SoQMs. In this current year, we conducted four audit thematic reviews on the Tier 1 firms to complement our monitoring of ISQM (UK) 1. The areas covered in these thematic reviews were: Sampling; Hot Reviews; Network Resources and Service Providers; and Root Cause Analysis. Published reviews can be found here.
## 4. Forward-looking supervision {: #section-4 }
We take a risk-based, assertive and proportionate approach to the supervision of firms, which is complementary to our programme of inspections. We balance holding firms to account to take prompt action to address quality findings, with acting as an improvement regulator and sharing good practice to facilitate improvements across the sector. A Supervisor dedicated to each firm draws together evidence and indicators of risks, identifying and prioritising what firms must do to improve audit quality and enhance resilience, alongside identifying what could go wrong in the future.
Our observations from the work we have conducted this year, and updates on what more the firm must do in respect of previous observations are set out below. Where we raise key findings, we require the firm to include actions in their Single Quality Plan (SQP).
### Single Quality Plan and other quality initiatives
We require all Tier 1 firms to maintain an SQP to drive measurable improvements in audit quality and resilience, and to demonstrate the effectiveness of actions taken. The SQP ensures action in the most critical areas is prioritised and enables firms to be held to account by us and their non-executives.
#### Observations
The SQP draws information from a number of sources including the firm's audit quality plan and provides clarity and focus on the audit quality priority areas. There is good oversight and challenge from the firm's Independent Non-Executives (INEs). The SQP includes a range of effectiveness measures for the priority areas. These would benefit from ongoing development, so they can be quickly refined and adapted for a changing environment.
The firm must improve the functionality of the SQP tool to build on its analytical ability and ensure it provides a more holistic overview of current, planned and past initiatives. This will ensure that senior resource can focus on more complex and real time analysis, facilitating a more agile and forward-looking approach.
### Root cause analysis
Root cause analysis (RCA) is an important part of an effective continuous improvement cycle designed to identify the causes of quality issues so that action can be taken to address the risk of recurrence. Further, ISQM (UK) 1 has made RCA a requirement for all firms when deficiencies are identified in the system of quality management.
#### Observations
Deloitte has a well-developed RCA process and an experienced RCA team.
#### RCA actions and remediation
There is good linkage to the RCA remediation team with oversight and challenge from the Continuous Improvement Group.
### Continuous engagement and holding the firm to account
We hold firms to account to take prompt action to address quality findings and to set an appropriate tone from the top.
#### Observations
- **Tone at the top:** The firm remains clear and consistent in its communications around the importance of audit quality.
- **Continuous Improvement Group (CIG):** The CIG has continued to broaden the scope of its work. It has direct access to the Audit Executive and regularly reports to the INEs. The CIG would benefit from enhanced analytical tools (including the SQP tool).
- **Effectiveness measures:** While improvements have been made to the breadth and appropriateness of effectiveness measures, the firm should ensure that these remain relevant and responsive.
- **Constructive engagement:** We have engaged on four constructive engagement cases through the period, all of which have been closed. The firm has taken appropriate actions including strengthening procedures, guidance and training aimed at preventing future recurrence of findings.
- **Non-financial sanctions:** No new non-financial sanctions have been imposed since the last public report with reporting and monitoring of four further sanctions which were opened in a previous cycle. Three of these have now been closed following reports from the firm on the responses taken, their effectiveness and further actions to be taken where necessary. The CIG has provided an additional layer of challenge and, where appropriate, linkage to other (related) audit quality initiatives.
- **Audit Culture:** Deloitte has made considerable progress over the last year introducing audit specific culture and behaviours.
<div class="highlight-box" markdown="1">
**Audit Culture Lead:** The importance of the firm's audit culture has been reinforced with the appointment of the audit culture lead to the Audit Executive team and holding a range of focused group discussions and training (including at a senior level, within engagement teams as well as visits to UK dedicated offshore delivery centres).
</div>
<div class="highlight-box" markdown="1">
**In-flight reviews:** The number of full in-flight reviews continues to be below the firm's planned number and is lower than those undertaken by the firm's peers. This reduces the extent and breadth of monitoring information available.
</div>
### Emerging risks and trends
Our forward-looking supervision aims to aid firms by identifying risks from emerging trends before quality issues occur.
#### Observations
- **Increased use of offshore delivery centres:** Deloitte must continue to evolve and evaluate its quality control processes to mitigate the risk from its increased use of, and the wider breadth of work undertaken by offshore centres to deliver audits.
- **Recruitment approach:** The current recruitment process for graduates, school leavers and experienced hires continues to be undertaken on a virtual basis. Deloitte must ensure it mitigates the risks of a fully virtual recruitment process.
- **Audit software:** The firm's new audit software will continue to be rolled out over the next three years. It is important that audit teams have sufficient time to adapt to and transfer information on to the new systems.
## Appendix A – Firm's internal quality monitoring {: #appendix-a }
This appendix sets out information prepared by the firm relating to its internal quality monitoring for individual audit engagements (Practice Review, or PR). We have not verified the accuracy or appropriateness of these results. The appendix should be read together with the firm's Transparency Report for 2023 and its 2024 report (when published) which provide further detail of the firm's internal quality monitoring approach, results, root cause analysis, remediation, and wider system of quality control. Due to differences in how inspections are performed and rated, the results of the firm's internal quality monitoring are not directly comparable to those of other firms or external regulatory inspections.
### Results of internal quality monitoring[^8],[^9]
The results of the firm's 2023 Practice Reviews and two previous years are set out below. The 2023 Practice Reviews comprised inspections of 101 individual archived audits (2022: 91), with opinions signed between 1 June 2022 and 31 May 2023.
<div class="chart-description" markdown="1">
**Bar chart showing Results of internal quality monitoring 2021-2023**
The chart displays the percentage of audits falling into three categories: "Compliant", "Improvements Required", and "Non-Compliant".
| Year | Compliant (%) | Improvements Required (%) | Non-Compliant (%) |
| :--- | :------------ | :------------------------ | :---------------- |
| 2021 | 80% | 13% | 7% |
| 2022 | 84% | 12% | 4% |
| 2023 | 88% | 8% | 4% |
</div>
### Themes arising from internal quality monitoring
The firm continues to see the severity and total number of findings decreasing in each of the key areas with findings when compared to the prior year.
Key areas with findings included:
- The evidencing of tests and thresholds utilised to identifying journal entries for further testing as part of management override of control.
- The sufficiency of audit documentation on file to support a fact-based risk assessment.
- Areas in relation to concluding the audit, including consideration around litigation and claims.
- Sufficiency of testing around post balance sheet events.
Further key areas of findings in the current year relate to financial statement presentation and disclosure in relation to cash and cashflow statements, and the design and performing of tests of detail, mostly relating to the testing of revenue and inventory.
## Appendix B - Deloitte's responses and actions {: #appendix-b }
### Our Audit and Assurance business strategy and culture
Together our strategy execution framework, Single Quality Plan (SQP), Audit Quality Plan (AQP) which underpins the SQP and our Cultural Ambition help us design, prioritise and drive impactful change in the business. The audit culture and the audit quality environment we create is critical to our resilience and reputation as a business. We are proud of our purpose-led culture and to be operating in a ringfence as a fully transparent business, independently governed by the Audit Governance Board (AGB).
As recognised by the FRC, we have made significant progress over the last twelve months in enhancing and nurturing our culture. We are pleased to see the feedback from our recent audit culture surveys of our people recognises the positive culture we have within our Audit and Assurance business. Our focus is now on continuing to activate our Cultural Ambition and on our baseline culture measurement, which presents a view of our culture, twelve months post the launch of our Cultural Ambition and associated Audit and Assurance behaviours. We believe our culture and our structure is aligned to serve our purpose.
We determine in-year strategic priorities to accelerate the implementation of our strategy. For FY24, these remained focused on our strategic objectives related to building and upholding a purpose-led culture focused on delivering the highest audit quality, assessing emerging issues and risks, winning the race for talent, and delivering a resilient audit portfolio.
In March, Deloitte announced plans to change our global storefront, aligning our capabilities and offerings more closely to market needs. In Audit & Assurance (A&A), our go-to-market offering portfolios of audit and assurance remain unchanged.
### ISQM (UK) 1
Audit quality is always front and centre and we believe that an effective SoQM is crucial for its delivery. ISQM (UK) 1 implementation facilitated a critical assessment and enhancement of our existing SoQM. On 31 May 2023, we were pleased to be able to issue our first conclusion on the effectiveness of our SoQM, being satisfied that our SoQM provides the firm with reasonable assurance that the objectives of ISQM (UK) 1 are being achieved. We have valued the independent review performed by the FRC, and the further objective insights this has brought. We have already taken action to address the matters raised by the FRC, improving the evidencing of the rigour of our responses in areas of judgement and working to standardise the capture of risks and responses. The environment in which we operate continues to evolve, and we remain focussed on identifying and investing in the changes required to keep our SQM effective.
### Single Quality Plan
Our Single Quality Plan (SQP) has been a continued area of focus this year. Through it we prioritise and measure progress in specific identified areas that we consider most critical to maintaining both the high level of quality in our audits that we expect and the strength of our SoQM. In response to FRC feedback, we have increased the frequency of our SQP reporting to quarterly to allow for priority areas to be adapted on a more frequent basis and we are committed to the ongoing review of the identified effectiveness measures. We are continuing to develop our SQP tool to further build on its analytical ability.
### Recruitment approach
As we continue to grow our business, we are returning to in-person interviews from September 2024 for those applying to join our Graduate and Brightstart programmes.
### Continuous improvement and root cause analysis
We are pleased to see the positive impact of actions taken over the last 12 months to address findings raised by the FRC. We have a reduction in the number of key findings and none of the AQR findings from the 22/23 inspection cycle have recurred as key findings in this year's cycle.
Improving the effectiveness of our testing of revenue has been an SQP priority area over the last year, with our revenue centre of excellence and coaching programme being well received across the practice.
We welcome the breadth and depth of good practice points raised by the FRC and ICAEW, particularly in respect of effective group oversight, contract accounting and the challenge of management, where we have continued to take action to support the high-quality execution of audit work.
#### Root cause analysis
Our root cause analysis identified the following factors which contributed to inspection outcomes:
<a class="section__global-number" href="#paragraph-1" id="paragraph-1">1</a>**Mindset and critical thinking, including assumed knowledge** – We observed that where active discussion of audit issues and approach are partner led, including interactions with specialists, we see higher quality audit work, particularly when there is a focus on contemporaneous documentation of our critical thinking and audit procedures to capture our challenge. Overreliance on previous experience or knowledge of an audited entity led to findings where weaknesses in audit evidence retained on the audit file to support key judgements were identified.
<a class="section__global-number" href="#paragraph-2" id="paragraph-2">2</a>**Depth and timeliness of direction, supervision or review** – Early and regular involvement throughout the audit of the partner and senior engagement team members led to positive inspection outcomes and the execution of higher quality audit work. Conversely, where supervision and review was prioritised to focus on more complex areas, we identified weaknesses in the depth of review elsewhere on the audit file which resulted in instances of lower quality audit work.
<a class="section__global-number" href="#paragraph-3" id="paragraph-3">3</a>**Skills and knowledge (including seniority and relevant experience of the team members working on complex areas)** – Instances were identified where existing tools and guidance for both the audit of management estimates and testing of data used in our audits were not utilised appropriately. Our root cause analysis identified a small number of instances where sub-optimal team composition meant that we did not have the right mix of skills and experience in the engagement team. We have and will continue to take action to clarify and enhance the understanding and application of existing guidance, including issuing new guidance on the direction, supervision and review, and reminders on available guidance to our practitioners.
Our root cause analysis also identified isolated areas where instances of our firmwide processes were not operating as expected which led to a 'significant improvements' inspection outcome. Prompt action has already been taken to enhance these processes.
#### Continuous Improvement Group (CIG)
CIG has carried out a broad scope of challenge of audit quality actions this year, including reviews of the SQP and deep dives on key areas such as Audit Culture. CIG currently use both the SQP and the AQP tool as a regular part of their work. Going forward, CIG will explore the use of available internal tools within its assessment of risks and planning for future areas of CIG focus.
### Key findings and observations
Following an assessment of the RCA themes arising and actions already taken, we have determined where further action is required. All AQR findings have been communicated in our monthly regulatory briefings.
### Impairment assessments and other valuations
We are pleased to see examples of good practice highlighted by the FRC in respect of our work on impairment and valuations.
We remain focused on ensuring greater consistency of our work in this area. We have taken action during the inspection cycle to communicate the impairment findings around the A&A practice, along with mandatory training, focused on cash flow forecasts. We are revisiting our impairment specialist consultation policy to expand the scope of engagements that meet the consultation criteria and in certain instances extend the extent of involvement of the impairment specialist. We also plan to issue further guidance and training materials on hot topics and areas of regulatory focus, including cash flow modelling and when it is appropriate to use tax and valuation specialists.
### Completeness and accuracy of data
We have taken action through the year to respond to the findings and primary root causes. Our actions focused on clarifying and supplementing existing guidance to ensure that appropriate audit procedures are performed where we rely on data prepared by the entity. Further actions will be taken to update our templates to include specific risk assessment prompts for teams to identify key data sets and attributes, risk assess and link to procedures performed to address the risk.
### ISQM (UK) 1
In the first year of operation, we are pleased to see areas of good practice reported by the FRC. Whilst we are satisfied that our SoQM provides us with reasonable assurance that the objectives of ISQM (UK) 1 have been achieved, we remain focussed on learning from our initial period of operation to identify actions and implement further enhancements. We have already taken action, improving the evidencing of judgements in scoping our monitoring procedures and consideration of aggregation, and are working to improve the consistency and clarity of the risks and responses.
### Ethics and independence
We have taken specific actions in response to the findings raised, including increasing the coverage of Restricted Entities in our Gifts and Hospitality monitoring, conflict management system enhancements in relation to UK PIEs alongside enhancing templates and guidance to support teams in the assessment and documentation of threats and safeguards with further training planned. In respect of whether network firms are obtaining the required approvals for non-audit services from UK audit partners, we are continuing to develop further actions with planned enhancements to our guidance and engagement level procedures that, alongside the previously identified suite of policy, procedures and monitoring in place, will provide additional assurance over the completeness of UK approvals whilst further developments are implemented to global conflict and approvals systems.
### In-flight reviews
We have increased the number of formal in-flight reviews being performed in FY24. We are committed to increasing these further over the coming years alongside a refocus of our in-flight activities to capture a broader spectrum of our portfolio within our overall in-flight programme. Our formal in-flight review programme is also supplemented by many other in-flight activities and provides a range of monitoring intended to impact positively on audit quality.
## Appendix C – ISQM (UK) 1 Glossary {: #appendix-c }
The following definitions were extracted from ISQM (UK) 1[^10].
<div class="table-container" markdown="1">
| Term | Definition |
| :------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **System of quality management (SoQM)** | A system designed, implemented and operated by a firm to provide the firm with reasonable assurance that:<br/>i. The firm and its personnel fulfill their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements; and<br/>ii. Engagement reports issued by the firm or engagement partners are appropriate in the circumstances.<br/><br/>A system of quality management under ISQM (UK) 1 addresses the following eight components:<br/>• The firm's risk assessment process;<br/>• Governance and leadership;<br/>• Relevant ethical requirements;<br/>• Acceptance and continuance of client relationships and specific engagements;<br/>• Engagement performance;<br/>• Resources;<br/>• Information and communication; and<br/>• The monitoring and remediation process.<br/><br/>Firms are required to perform their first annual evaluation of the SoQM by 15 December 2023. |
| **Quality objectives** | The desired outcomes in relation to the components of the system of quality management to be achieved by the firm. |
| **Quality risk** | A risk that has a reasonable possibility of:<br/>i. Occurring; and<br/>ii. Individually, or in combination with other risks, adversely affecting the achievement of one or more quality objectives. |
| **Response** | Policies or procedures designed and implemented by the firm to address one or more quality risk(s) in relation to its system of quality management:<br/>i. Policies are statements of what should, or should not, be done to address a quality risk(s). Such statements may be documented, explicitly stated in communications or implied through actions and decisions.<br/>ii. Procedures are actions to implement policies. |
| **Findings** | Information about the design, implementation and operation of the system of quality management that has been accumulated from the performance of monitoring activities, external inspections and other relevant sources, which indicates that one or more deficiencies may exist. |
| **Deficiency** | A deficiency in a firm's system of quality management exists when:<br/>i. A quality objective required to achieve the objective of the system of quality management is not established;<br/>ii. A quality risk, or combination of quality risks, is not identified or properly assessed;<br/>iii. A response, or combination of responses, does not reduce to an acceptably low level the likelihood of a related quality risk occurring because the response(s) is not properly designed, implemented or operating effectively; or<br/>iv. An other aspect of the system of quality management is absent, or not properly designed, implemented or operating effectively, such that a requirement of this ISQM (UK) 1 has not been addressed. |
| **Ultimate responsibility** | Individual(s) assigned ultimate responsibility and accountability for the firm's SoQM should evaluate the SoQM, on behalf of the firm, and shall conclude, on behalf of the firm, whether or not the SoQM provides the firm with reasonable assurance that the objectives of the SoQM are being achieved, required under ISQM (UK) 1 paragraph 54. |
</div>
<div class="diagram-description" markdown="1">
**Diagram: ISQM (UK) 1 Annual Evaluation Components**
This circular diagram illustrates the eight components that feed into the "ISQM (UK) 1 Annual Evaluation" at its center. The components are:
- Risk Assessment
- Governance & Leadership
- Relevant Ethical Requirements
- Acceptance & Continuance
- Engagement Performance
- Resources (Human, Intellectual & Technological)
- Information & Communication
- Monitoring & Remediation
</div>
---
**Financial Reporting Council**
8th Floor
125 London Wall
London EC2Y 5AS
+44 (0)20 7492 230
www.frc.org.uk
Follow us on **Linked in** or **X @FRCnews**
---
[^1]: The six Tier 1 firms in 2023/24 were: BDO LLP, Deloitte LLP, Ernst & Young LLP, KPMG LLP, Mazars LLP, and PricewaterhouseCoopers LLP. With effect from 1 June 2024, Mazars LLP changed its name to Forvis Mazars LLP. We have published a separate report for each of these firms along with a cross-firm Annual Review of Audit Quality.
[^2]: The new standard is a significant change to ISQC (UK) 1, requiring firms to take a more proactive and risk-based approach to managing quality. The standard also required a step change in firms' monitoring, as well as the introduction of a self-evaluation of their SoQM. Page 10 of the Annual Review of Audit Quality sets out the key differences.
[^8]: The grading categories used by the firm are: Compliant - no exceptions or very minor/ isolated instances of non-compliance with certain policies, requirements or standards; Improvement Required - a small number of findings relating to these areas; Non-Compliant - non-compliance with several policies, requirements or professional standards or an individually significant matter was identified.
[^9]: In 2023 the firm's Practice Review reporting year was updated to the year ending 15 July 2023. Comparative data for 2022 and 2021 has been restated accordingly.
[^10]: https://media.frc.org.uk/documents/ISQM%20UK%201%20Issued%20July%202021%20Updated%20March%202023.pdf
File
Name
Deloitte LLP Audit Quality Inspection and Supervision Report 2024
Publication date
29 July 2024
Type
Report
Format
PDF, 1.0 MB