Audit Firm Scalebox
Published: 25 September 2023
9 minute read
The FRC is an improvement regulator. We want to work with firms to improve their ability to conduct high-quality audits and promote competition and choice in the Public Interest Entity (PIE) audit market and other audit areas within the FRC’s scope, including major local audits.
We know that firms with smaller PIE audit portfolios or those new to the market face challenges in meeting our expectations and in understanding how we regulate audit firms.
We have launched the Scalebox to assist firms develop and maintain audit quality as they start out in the PIE audit market and as they grow. The Scalebox will also help us to better understand these firms and target our supervision work.
What are the objectives of the Scalebox?
In brief, the objectives of the Scalebox are to:
- improve audit quality at firms in the Scalebox.
- promote resilience in relevant sectors of the audit market.
- support the FRC’s role as an improvement regulator.
- enable the FRC to better fulfil its regulatory objectives.
How does the Scalebox fit in with the FRC’s existing Supervision and Inspection work?
How does the Scalebox fit in with the FRC’s existing Supervision and Inspection work?
The Scalebox is a separate team within the FRC’s Audit Firm Supervision (AFS) team. AFS is part of the FRC’s Supervision division.
AFS, alongside other Supervision division teams (Audit Market Supervision and Audit Quality Review), conducts our formal Supervision and Inspection work for PIE audit firms and their responsible individuals (RIs). The Professional Body Supervision team oversees professional bodies who supervise and inspect non-PIE audits and their RIs.
The Scalebox is a means for existing PIE audit firms to obtain additional input from the FRC. It also, for the first time, enables firms that may come within the FRC’s scope to gain valuable insights from the FRC. Refer to How does the Scalebox communicate findings for more details of how the Scalebox may share information with other FRC teams.
Who can join the Scalebox?
All firms currently in Tier 2 and Tier 3 for FRC Supervision purposes are eligible to join the Scalebox.
Tier 2 firms are subject to more frequent inspection and more extensive supervision activities, including thematic reviews. Not all Scalebox activities may be appropriate for Tier 2 firms and the FRC will keep the participation of Tier 2 firms under review as the Scalebox develops.
We have also created a new ‘Tier 4’ for firms that are considering becoming PIE audit firms or may come within the FRC’s scope for other reasons. These firms will also be able to apply to join the Scalebox which will give them access to the FRC for the first time.
What does the Scalebox do?
The Scalebox is a flexible mechanism for us to engage with suitable firms in areas where they most need help.
The Scalebox team will focus its work on areas where we have common findings, where requirements are changing or where firms need to focus as they grow. These will be identified in conjunction with our Supervision teams, from our general knowledge of the audit market and from issues raised by firms themselves. The Scalebox team will be able to adapt its work to respond to new risks or issues as they arise.
The activities that the Scalebox will conduct will also be flexible. The team will regularly review how it goes about its work and focus on the types of activities that are most effective. The types of activities that we presently envisage the Scalebox may conduct include (but are not limited to):
- a review of aspects of one or more completed and archived individual audits that would not otherwise be in our scope to provide feedback on good practice and areas for improvement. For example, this might include non-PIE audits conducted by a Tier 4 firm. The audit(s) would need to be of a suitable nature or complexity for the Scalebox review to provide meaningful feedback to the firm. We will not review a specific audit that has been reviewed or is planned to be reviewed by a firm’s Recognised Supervisory Body (RSB). Where the Scalebox team intends to review a non-PIE audit as part of a Scalebox activity, it will notify a firm’s RSB of the intended review.
- a review of a particular element of a firm’s audit methodology and audit approach, including examples from relevant completed audits. Such a review might focus on areas where the FRC has common findings, or areas likely to be key audit matters in the firm’s PIE audit portfolio.
- a review of a particular element of a firm’s internal quality monitoring system with feedback on areas of good practice or for improvement. For example, aspects of a firm’s ethics procedures, including those in place or proposed regarding the specific PIE restrictions, root cause analysis or internal quality monitoring. This may be particularly relevant for a firm in Tier 4, or a Tier 2 or Tier 3 firm that is planning to expand the number or complexity of its PIE audits.
- a review of a firm’s actual or proposed governance processes if it has chosen or is planning to adopt the Audit Firm Governance Code (AFGC).
- developing a firm’s understanding of the PIE Auditor Registration requirements, including how to meet and maintain minimum standards, and what happens if they do not.
- assisting firms to understand our Audit Enforcement Procedure, Accountancy Scheme or other Enforcement procedures and our expectations should a firm become subject to an enquiry or investigation.
The Scalebox may conduct thematic work across a group of firms to be better able to benchmark their approaches and share good practice.
After conducting a review, the Scalebox team will decide what further follow up work should be undertaken with the firm.
It is important to note that the Scalebox:
- will not have any involvement in a specific audit prior to it being completed and archived.
- will not provide ‘pre-clearance’ or expressly approve any aspect of: the audit work conducted by a firm; its audit approach; any aspect of its quality management system; or its eligibility for registration with the FRC as a PIE Auditor. Tier 4 firms will be required to demonstrate that they meet the relevant criteria at the point they seek to formally register with the FRC as a PIE audit firm.
- will not prescribe how firms should develop their quality or risk management systems or respond to feedback provided by the FRC. Our role is to identify areas for improvement and share good practices. It is the firm’s responsibility to consider our feedback and to consider, in a timely manner, what action to take in the context of the firm’s business model and quality management procedures.
How can my firm apply?
You may apply for the Scalebox by completing the webform (in MS Forms) at the link below.
If your firm is already in Tier 2 or Tier 3, before completing the application form, you may find it helpful to discuss with your Supervisor whether the Scalebox is appropriate for your firm and in what areas. The Scalebox team may discuss a Tier 2 or Tier 3 firm’s application with its Supervisor.
In your application, you should explain why you wish to join the Scalebox, including details of your audit strategy and the nature and number of PIE or other FRC scope audits that you may be seeking to take on in the near future.
You will also need to demonstrate that improving audit quality is a primary objective for the firm and that the firm is prepared to make the necessary investment.
Before applying to the Scalebox, please read the Scalebox Terms and Conditions.
If you wish to discuss the application process or find out more about the Scalebox before applying, please contact [email protected]
We will select firms to participate in the Scalebox based on our assessment of the information set out in a firm’s application and other information available to us, including our knowledge and understanding of the firm’s audit strategy and quality risks posed by the firm. If a firm’s application is rejected, we will explain the reasons for our decision and what the firm could do to make a successful future application. Our decision as to whether to select a firm to participate in the Scalebox will be final.
What happens when I join the Scalebox?
Once you have submitted your application, the Scalebox team will contact you to confirm whether we consider your firm is suitable and, if so, to discuss any specific activities you are seeking to take part in.
We will aim to provide you with as much notice as possible of which of the activities the Scalebox team plans to conduct with your firm, to assist your resource planning. If we are unable to undertake any activities with your firm at this point in time, we will indicate where possible when we may be able to consider your firm again.
Once Scalebox activities are underway, it is likely that we will need your firm to provide relevant information. You must ensure that information provided is complete and accurate. You must also consider whether the information may lawfully be provided to the FRC, paying particular attention to confidentiality obligations, data protection legislation and any material covered by legal professional privilege. See also the Terms and Conditions for further information on a firm’s confidentiality obligations.
At the conclusion of any activities, we will consider and discuss with you whether any further activities or follow up work are appropriate.
All firms in Tier 2, Tier 3 and Tier 4 may also be invited to events where we share good practice and other insights, whether or not the firm has been accepted into the Scalebox.
How does the Scalebox communicate findings?
A primary focus of the Scalebox is providing bespoke feedback to individual firms.
We know that firms would like the Scalebox to be a ‘safe space’ for them to obtain FRC input, therefore, the Scalebox will operate on a general principle that information gathered during Scalebox activities will not be shared with any other party.
However, exceptions to this will need to be made where a disclosure is:
- deemed by the FRC to be necessary in the public interest.
- to facilitate co-ordination with regulatory activities being undertaken by the FRC or a firm’s RSB and does not include the outcome of Scalebox activities, for example to avoid both the Scalebox team and an RSB reviewing the same audit.
Public interest disclosures will be made only to the following:
- the FRC’s PIE Auditor Registration team and/or an RSB’s Registration Committee: for example, if issues identified are considered to be of public interest in the context of a firm or an RI’s eligibility to be registered.
- the FRC’s Case Examiner or an RSB’s disciplinary team: for example, if the issues identified are considered to be of public interest in the context of taking action to address deficiencies in an individual audit (in relation to the ISAs or the Ethical Standard) or breaches of other requirements such as an RSB’s Code of Ethics.
- persons specified or described in Parts 1 and 2, Schedule 11A Companies Act 2006, for example, the FCA or the PRA.
We will operate an internal process for making public interest disclosure decisions. Such decisions will have regard to the General principles for considering the public interest in our work, published in November 2022. For example, we will assess the nature, severity and public impact of the matter. We will not seek the consent of a firm before making such a disclosure but will notify a firm that a disclosure has been made unless such notification would cause the FRC to be in breach of any obligation, regulation or legislation.
For the avoidance of doubt, our expectation is that consideration of investigation or enforcement action in relation to a specific audit would fall to the FRC in relation to a PIE or other audit within the FRC’s scope; or the firm’s RSB for non-FRC scope audits. However, the FRC may consider whether to reclaim from the RSB any matter involving a non-FRC scope audit.
Once a disclosure has been made, the information disclosed will be subject to the normal processes operated by the party to whom the disclosure has been made. For example, disclosures to the FRC’s Case Examiner may then be referred to the FRC’s Conduct Committee to determine whether an investigation should be opened.
We may also report, internally or externally, anonymised themes, lessons or findings from Scalebox activities. The FRC will seek the consent of a Scalebox firm (or any audited entity) before externally publishing any information that may identify the details or outcomes of any Scalebox work conducted with that firm (or in relation to the audit of that entity). However, the FRC may publish the names of firms that have participated in the Scalebox.
Where can I get more information on how the FRC regulates audit firms?
We have recently refreshed our Approach to Audit Supervision which provides an overview of our regulatory approach.
We have also recently published What Makes a Good Smaller PIE Audit Firm which provides an overview of our quality expectations and our approach to supervision, aimed particularly at firms with smaller PIE audit portfolios or those considering entering the PIE audit market.
See also our pages on PIE Auditor Registration. Registration with the FRC is the first step for a firm considering entering the PIE audit market. Firms and relevant RIs must be registered with the FRC before they are permitted to conduct any audit work on PIEs. Contact our Registration team ([email protected]) for more details.
What else is the FRC doing to help firms enter or grow in the PIE audit market?
As well as publishing auditing standards and related guidance, the FRC reports extensively on our findings from supervision and inspection work as well as producing numerous thematic reviews every year. These reports contain insights into good practice examples that we have seen, as well as pitfalls and where we see common quality gaps. Reading these documents will provide firms with extensive examples that they can apply to their own practices.
Follow the links on this page to some of our key recent publications. Firms can also sign up for FRC subscriber notes to keep on top of our new publications.
Another innovation is the Audit & Assurance Sandbox. This is an initiative of our Regulatory Standards division which is designed to lead a collaborative and innovative approach to identifying and developing solutions to technical and policy issues in the audit and assurance space. Read further detail on our current Sandbox projects.
Participation is by invitation, but applications to be considered for individual Sandbox projects can be submitted to [email protected].