The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:
- No human verification has been conducted of the converted content.
- While we strive for accuracy errors or omissions may exist.
- This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
- For the official and verified version of the publication, refer to the original PDF document.
If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].
Mazars Audit Quality Inspection 2018/19
The FRC's mission is to promote transparency and integrity in business. The FRC sets the UK Corporate Governance and Stewardship Codes and UK standards for accounting and actuarial work; monitors and takes action to promote the quality of corporate reporting; and operates independent enforcement arrangements for accountants and actuaries. As the Competent Authority for audit in the UK the FRC sets auditing and ethical standards and monitors and enforces audit quality.
This report sets out the principal findings arising from the 2018/19 inspection of Mazars LLP ("the firm") carried out by the Audit Quality Review team ("AQR") of the Financial Reporting Council ("the FRC"). We conducted this inspection in the period from April 2018 to March 2019 ("the time of our inspection"). We inspect Mazars, and report publicly on our findings, annually.
Our report focuses on the key areas requiring action by the firm to safeguard and enhance audit quality. It does not seek to provide a balanced scorecard of the quality of the firm's audit work. Our findings cover matters arising from our reviews of both individual audits and the firm's policies and procedures which support and promote audit quality. This year, our firm-wide work, performed on a three year cycle, focused on internal quality monitoring, engagement quality control reviews and independence and ethics.
Our priority sectors for inspection in 2018/19 were general retailers; oil and gas producers; support services companies; and financial services. Of the 139 audits that we reviewed in the year across all firms (excluding Local Audit inspections), the number in priority sectors was: General retailers (11); Oil and Gas producers (7); Support services (13); and Financial services (34).
We also paid particular attention to the following areas of focus: changes in auditor appointments; audit of fair value investments (including goodwill impairment); the use of auditor's experts and specialists; and the audit of controls.
We consider whether action under the FRC's enforcement procedures is appropriate for all reviews assessed as requiring improvements or significant improvements. In practice, audits assessed as requiring significant improvement, and some of those assessed as requiring improvement, will be referred to the FRC's Case Examiner for consideration of further regulatory action. The Case Examiner will consider the most appropriate action, including Constructive Engagement with the audit firm or referral to the FRC's Conduct Committee for consideration of whether to launch a full investigation. This may result in a sanction being imposed and enforced against a statutory auditor and/or the audit firm in accordance with the FRC Audit Enforcement Procedure.
Bar chart: Our assessment of the quality of audits reviewed for Mazars
This chart displays the proportion of audits falling into three quality categories across three inspection cycles: 2018/19, 2017/18, and 2014/15. The categories are: "Good or limited improvements required", "Improvements required", and "Significant improvements required".
For 2018/19: * 60% (3 audits) required Good or limited improvements * 20% (1 audit) required Improvements * 20% (1 audit) required Significant improvements
For 2017/18: * 80% (4 audits) required Good or limited improvements * 20% (1 audit) required Improvements * 0% (0 audits) required Significant improvements
For 2014/15: * 60% (3 audits) required Good or limited improvements * 20% (1 audit) required Improvements * 20% (1 audit) required Significant improvements
Changes to the proportion of audits falling within each category reflect a wide range of factors, including the size, complexity and risk of the audits selected for review and the scope of individual reviews. Our selections, which are primarily risk-focused, are also informed by the priority sectors and areas of focus referred to above. For these reasons, and given the sample sizes involved, changes from one year to the next cannot, on their own, be relied upon to provide a complete picture of a firm's performance and are not necessarily indicative of any overall change in audit quality at the firm.
Any inspection cycle with audits requiring more than limited improvements is a cause for concern and indicates the need for a firm to take action to achieve the necessary improvements.
1. Overview
The FRC set a target for the firms that at least 90% of FTSE 350 audits should be assessed as requiring no more than limited improvements by the end of the 2018/19 inspection cycle. Regrettably, no firm inspected this year achieved the target.
As a result, we will, for 2019/20:
- Continue to measure firms' audit quality against the 90% FTSE 350 target and expect all firms to meet that target.
- Extend the 90% target to all other audits within the scope of our inspection.
Stakeholders rightly demand high quality work on all audits and they would expect, we believe, that all audits subject to our review should require no more than limited improvements. We will therefore, for 2020/21 onwards, set a new target for audit firms that 100% of audits should require no more than limited improvements.
All the firms reviewed have performed root cause analysis and identified a number of themes relating to why the audits we inspected did not always meet the required standard and why certain findings recur over a number of years. These themes, across the firms inspected, include insufficient scepticism and weaknesses in project management or resourcing. In addition, the analysis also highlighted inconsistent execution of firms' audit methodologies and quality control procedures. Firms' actions should be targeted and responsive to the findings from their root cause analysis to achieve the required improvements in audit quality.
We will continue to take robust action for all reviews assessed as requiring improvements or significant improvements. To date, for the past two inspection cycles, we have referred 16 audits, across all firms inspected, to the Case Examiner for consideration of further enforcement action. In these cases, we further scrutinise the root cause analysis undertaken by the firm and the actions taken by the firm in response to our findings and consider what additional action we can take to ensure audit quality.
Key findings for Mazars
The overall results of our reviews of the firm's audits show worse results than the previous year, with two out of five assessed as requiring more than limited improvements, compared with one of five in 2017/18. We also note that we have assessed three audits as requiring significant improvements over our last four inspection cycles. Across all the reviews, there are a number of findings that the firm needs to address, some of which are similar to findings from our last inspection.
The firm has made progress this year in addressing prior year firm-wide findings on recording and monitoring partner financial interests and including specific performance objectives for audit quality in partner and staff appraisals. However, improvements continue to be required to the recording and monitoring of staff financial interests.
Our key individual review findings related principally to the need to:
- Improve consultation and monitoring processes for non-audit services.
- Improve the testing of controls including IT general controls.
- Strengthen the testing of revenue for complex revenue streams and improve substantive analytical review procedures.
- Improve the evidence of appropriate challenge in areas of judgement.
We had no significant findings arising from our firm-wide work on internal quality monitoring and engagement quality control reviews.
The firm-wide issues identified concerned:
- Continuing to improve systems and procedures to ensure compliance with the revised Ethical Standard.
Given our key individual review findings noted above, this would indicate that the firm's quality control procedures have not been sufficiently effective to achieve the necessary improvement in audit quality.
Further details of our key findings are given in section 2, together with the firm's actions to address them.
Good practice identified and developments in the year
We identified examples of good practice in the course of our work, including the involvement of actuarial specialists. These, together with firm developments in the year, are set out in section 3.
Root cause analysis
Thorough and robust root cause analysis (“RCA”) is necessary to enable firms to develop effective action plans which are likely to result in improvements in audit quality being achieved.
The firm has performed RCA in respect of our key findings and considered the outcome in developing the actions included in this report. We will continue to assess the firm's RCA process and encourage all firms to develop their RCA techniques further.
Given that no firm this year has met the FTSE 350 target, firms need to re-appraise whether their RCA accurately identifies the causes of our inspection findings and whether their actions are properly linked to those causes. In particular, the firms should increase their focus on systemic issues behind the findings as well as the findings on each individual audit.
Firm's overall response and actions:
We fully support the efforts of the Financial Reporting Council, through the Audit Quality Review team, in demanding improvements in the quality of the audit work performed on Public Interest Entities. We know that confidence in audit can only be re-built through measurable improvements in quality and strive to make improvements every year in our work, particularly through investing in our people and through putting in place additional procedures and guidance for audit teams that deliver high quality. It is therefore disappointing that two of the audit engagements reviewed by the AQR this year were judged to require more than limited improvements.
We have performed a root cause analysis of each of the findings in this report and developed an action plan that we consider addresses the underlying causes identified. It is particularly important that we understand the root causes for why things go well in addition to understanding the causes for those situations where the outcome is not satisfactory. This will be an area of focus over the coming year to ensure that standards are safeguarded through the firm more clearly learning what leads to the delivery of our highest quality audits.
As further detailed in the responses prepared for each of the findings, we have considered carefully the causes of the weaknesses identified and have put in place plans to address each of them, sharing the learning points across the whole team. We believe that teams learn best when they see practical examples of where improvements are required and we encourage a culture where improvement is always expected.
Where improvements were highlighted for which the root cause was non-compliance with our existing policies or procedures, we have taken the opportunity to consider how we can add controls or further guidance to help prevent re-occurrence.
In other instances we have tightened and clarified the wording of the guidance in place to ensure expectations of teams are better communicated.
Our response to each of the findings will be the subject of focussed internal monitoring reviews. We are committed to doing all we can to ensure findings are not repeated.
We have welcomed the challenge provided by our Independent Non-Executives during the year in respect of our plans to enhance audit quality.
2. Key findings requiring action and the firm's response
We set out below the key areas where we believe improvements are required to enhance audit quality and, where relevant, safeguard auditor independence. We asked the firm to provide a response setting out the actions it has taken or will be taking in each of these areas.
Individual audit reviews
Improve consultation and monitoring processes for non-audit services
The UK Ethical Standard established enhanced prohibitions relating to the provision of non-audit services to Public Interest Entities. These requirements are also applicable to a Public Interest Entity's parent and controlled undertakings. Audit teams must comply with these requirements to safeguard auditor independence.
In one of the audits we reviewed, the firm provided VAT & tax support services to a Public Interest Entity's parent undertaking that are prohibited under the UK Ethical Standard. Two of the five services provided had not been approved by the audit RI “Responsible Individual" and no consultation was undertaken with the firm's ethics function on whether these services were permissible. The firm's monitoring processes also failed to identify that non-audit services had been provided in contravention of the UK Ethical Standard.
Firm's actions:
We take adherence to Ethical Standards as an absolute and are extremely disappointed that prohibited non-audit services have been provided, no matter how limited.
We have performed a root cause analysis to understand the failure to identify and prevent the provision of these prohibited tax compliance and tax due diligence services.
This analysis highlighted that there was a requirement for an increased awareness of the ethical standards with regards to non-audit services in some circumstances, as well as identifying that improvements were required to assist teams to more easily see a complete listing of entities within groups that contain an audited PIE.
All partners have been very clearly reminded of the importance of ensuring that our policies and procedures are adhered to in all cases.
As well as the increased communication which has already taken place in this area, we will be making further enhancements to our procedures to:
- Provide additional guidance across all service lines to further support our teams;
- Facilitate clearer identification of all entities in a group where we audit a PIE (including those groups containing a PIE, for example those with listed debt);
- Require regular confirmation from partners that they have considered these entities when providing services; and
- Make changes to our systems to more closely monitor adherence to our policies and procedures for those groups which contain a PIE.
Improve the testing of controls including IT general controls
When audit teams plan to rely on controls, they should perform appropriate procedures to assess their design and implementation and to verify their operating effectiveness. Audit teams should also assess related IT controls, where these are integral to the entity's control environment.
We identified the following concerns relating to the audit of controls and IT general controls:
- On one audit, we identified weaknesses in the testing of the operating effectiveness of controls relating to premiums and the accuracy and completeness of actuarial data used in the calculation of technical provisions.
- We identified two instances where improvements were required to the testing of IT general controls and application controls. In one instance, the IT specialists performed insufficient procedures to test IT general controls and in the other the audit team failed to identify manual and/or general IT amendment controls relating to the accuracy and completeness of data.
Firm's actions:
We acknowledge the areas for improvement here and our root cause analysis identified that a key contributing factor to the issue raised in relation to our IT specialists occurred as a result of the high turnover of staff in our specialist team in the year and the consequential time lag in them becoming fully conversant with our audit methodology.
In addition to including the issues identified as a key component of our annual technical training programme later this year, we will:
- Further invest in our IT audit team. This investment includes the recruitment of an experienced IT audit partner who started with the firm in June 2019;
- Provide additional guidance to audit teams as to the appropriate approach where we seek to place reliance on management's review controls, particularly in relation to where there are multiple layers of controls at an audited entity;
- Provide further training to our IT audit specialists to ensure that they are conversant with our global IT General Controls audit approach;
- Issue further guidance to audit teams to assist them in their consideration of how they address the accuracy and completeness of data; and
- Include these findings as areas of focus in the upcoming Quality Monitoring review cycle.
Strengthen the testing of revenue for complex revenue streams and improve substantive analytical review procedures
Revenue is a material component of the income statement and is often identified as a key performance indicator. It is one of the key drivers of an entity's performance and may be open to manipulation as a result. Auditors therefore need to evaluate and address fraud risks in relation to revenue recognition.
We reviewed the audit of revenue on the majority of audits that we inspected and identified the following concerns on one or more audits:
- Weaknesses in the substantive analytical procedures performed over revenue, including a lack of corroboration of inputs into expectations.
- In relation to an insurance undertaking, insufficient testing over the completeness of premium estimates included in the gross written premium and provision for unearned premium.
Firm's actions:
We are disappointed that these issues have arisen given the significant focus the firm has placed on the application of Substantive Analytical Review procedures in our training programmes over the past few years.
Our root cause analysis identified that the audit team did not fully understand all the requirements associated with performing substantive analytical reviews and focussed on setting expectations rather than considering the appropriateness of the input data.
With respect to one audit our analysis concluded that the audit team did not sufficiently challenge management's approach to accounting for an estimate.
We will look to address these issues by:
- Providing specific examples of good practice to illustrate how engagement teams have designed and evidenced high quality substantive analytical reviews;
- Providing a reminder of the firm's approach to substantive analytical reviews in our mandatory audit training sessions to be held later this year;
- Providing specific training to our insurance audit teams in relation to the completeness of an estimate; and
- Including these findings as areas of focus in the upcoming Quality Monitoring review cycle.
Improve the evidence of appropriate challenge in areas of judgement
Effective audits require the appropriate application of professional judgement. Auditors should apply sufficient rigour and challenge to the audit of key areas of judgement and obtain sufficient audit evidence to support their conclusions.
Our last public report included a key finding in relation to one instance where the audit team's challenge in the area of impairment was not appropriately evidenced. We did not identify any findings this year relating to impairment. However, we observed similar issues in other areas of judgement, such as the valuation of investment properties, technical reserves and pensions.
We identified the following concerns, relating to the extent of the audit team's challenge of management, or evidence thereof, on one or more audits:
- Insufficient evidence to support some of the assumptions used in the valuation of a portfolio of investment properties.
- Weaknesses in the audit team's evidencing of the appropriateness of certain economic and non-economic assumptions management used to value the technical reserves provision.
- On another audit, there were no procedures over the accuracy and completeness of information provided to the actuary to estimate the pension obligation. Furthermore, there were insufficient procedures to test the valuation of pension scheme assets.
Firm's actions:
Over the past few years the firm has invested a significant amount of time in developing tools and providing training to audit teams to better equip them to apply appropriate professional scepticism over areas of management judgement. In light of these findings it is clear that additional investment is required to appropriately educate our audit teams.
The root cause analysis we performed in relation to the issues associated with the pension obligation indicated that the audit team did not follow the firm's existing guidance and procedures in this area.
In addition to providing an update of these points in our annual technical training to be delivered later this year, we will:
- Prepare additional guidance for audit teams to enable them to clearly evidence their challenge as to the appropriateness of key management assumptions;
- Enhance our guidance for audit teams in relation to the audit of pension scheme balances and, in particular, the importance of ensuring the accuracy and completeness of the information provided to the scheme actuary and clarify the firm's approach to testing the valuation of pension scheme assets; and
- Include these findings as areas of focus in the upcoming Quality Monitoring review cycle.
Review of firm-wide procedures
Continue to improve the firm's systems and procedures to ensure compliance with the revised Ethical Standard
Our last public report stated that the firm should improve its systems and procedures in monitoring personal independence compliance for partners and staff. The firm has since taken appropriate action to address this finding for partners. For staff, the firm relies on annual fit and proper declarations and does not perform compliance testing on financial interests held by staff or have a system in place to record and track staff interests.
The firm should improve its monitoring procedures for staff financial interests.
Firm's actions:
We are continually looking to improve our systems and processes to ensure we comply with Audit and Ethical Standards specifically and best practice generally. We took a number of positive actions last year with regards to partners and are pleased that they have been successful.
Although no specific breaches were identified during the year or as part of the AQR review in relation to the personal independence of our staff, we have reviewed our processes and are making the following positive changes to strengthen them further:
- Introducing a system of sample testing of the financial interests of non-partner Rls;
- Requiring quarterly independence confirmation for all managers and above within the audit service line; and
- Central monitoring of the independence confirmation for all partners and team members on our PIE audits at a planning and completion stage.
3. Good practice examples and developments in the year
Good practice
We set out below the key areas where we noted good practice, either in audit work on individual engagements or firm-wide procedures.
Individual audit reviews
Involvement of actuarial specialists in the audit of technical provisions
We identified instances where the firm actuarial specialists' interactions with management's experts and their challenge of judgements relating to the valuation of technical provisions were of a high standard.
Testing of the assumptions of Payment Protection Indemnity "PPI” mis-selling provision
In one file review we considered the audit work relating to the valuation of PPI mis-selling provision, which was identified as an area of significant risk, to be of a high standard, particularly with respect to the testing of assumptions using events occurring after the year-end.
Firm-wide procedures
Governance arrangements promoting audit quality including active INE involvement
As reported in last year's report, the firm voluntarily adopts the FRCs Audit Firm Governance Code ("AFGC") and has appointed INEs to the firm's Public Interest Committee. In the current inspection cycle the firm's INEs visited three of the firm's offices as part of "culture meetings", to meet with staff and also separately met with partners. The observations from those meetings were presented to the firm's leadership. This is a good example of active INE involvement.
Developments in the year
Following actions from the firm, we have seen an improvement in relation to most of the key findings highlighted in last year's report.
The firm has enhanced its policies and procedures during the year in a number of areas, including:
- Monitoring and testing partner financial interests.
- Enhanced partner and staff appraisal procedures. The firm developed new partner performance tools, intended to have a clearer focus on audit quality. It also reviewed the objective setting and performance reviews of all partners and audit director RIs (individuals with the authority to sign audit reports) and mandated upward feedback. For staff appraisals, the firm has made changes to its performance management system in order to evidence quality considerations. We will consider the application of these changes next year.
- Delivery of training and revised guidance on loan loss provisions, IT general controls and applying professional scepticism in areas of judgement. We will consider the application of the new guidance for loan loss provisions next year.
We note the co-operation and assistance received from the partners and staff of the firm in the conduct of our 2018/19 inspection.
Audit Quality Review FRC Audit and Actuarial Regulation Division July 2019
This report has been prepared for general information only. The FRC does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.
© The Financial Reporting Council Limited 2019 The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered Office: 8th Floor, 125 London Wall, London EC2Y 5AS
FINANCIAL REPORTING COUNCIL 8TH FLOOR 125 LONDON WALL LONDON EC2Y 5AS
+44 (0)20 7492 2300 www.frc.org.uk