The inspection of UK firm audits has shown that there are still persistent concerns over auditor independence, fees, IT systems and audits of banks and building societies, according to the UK Financial Reporting Council.
While overall the quality of audits inspected has increased year on year with 60% of all audits assessed as either good or requiring only limited improvements, the FRC has warned that bank and building society audits are still falling short the standard of quality seen in the audits of other entities.
Additionally, 56% of the bank and building society audits reviewed were assessed as requiring improvement by the FRC, however the regulator did say that its inspections included the audits of a number of major financial institutions where issues of significance were identified in the past.
The FRC said that in this group of audits the audit of loan loss provisions continues to be of concern and it is disappointing that we have not seen any significant improvement in this area. "Weaknesses in the testing of loan impairment models and related assumptions were key issues. Insufficient challenge of management or the failure to obtain further evidence to support provisioning judgments were common themes in the issues identified. The audit procedures to test management’s identification of loans subject to forbearance arrangements for both provisioning and disclosure purposes also continued to be a concern," the FRC said.
Non-audit services and independence
One of the main trouble areas identified by the FRC are the breaches of independence as concerns persist that "sufficient consideration is not always given to the appropriateness of providing non-audit services when an entity becomes an audit client or is subsequently listed.
Deloitte, PwC and KPMG all had a special mention of such breaches in their inspection reports with the FRC saying that in one of the inspected Deloitte audits, the firm provided tax advisory services to a listed audited entity, which included advice on transfer pricing arrangements and correspondence with the tax authorities, including defending the entity’s position in relation to certain tax disputes.
In the report on PwC the FRC said that it considered the firm’s provision of non-audit services to audited entities in 11 of the audits reviewed and identified weaknesses in two of them.
" In one case, the firm had developed a forecasting model for an entity when not an audit client. The firm accepted appointment as auditor in the following year. In the year we reviewed, the firm made minor enhancements to the functionality of the forecasting model which was used by the entity for developing forecasts supporting a number of audit judgments".
The second case at PwC was in relation to firm provided accounting advice in the year in connection with a proposed hedging arrangement which should have been treated as a separate non-audit engagement.
In the reviews of PwC, Deloitte and KPMG the FRC mentioned concern over the use offshore entities centres and ensuring the correct oversight of the work undertaken aboard.
Despite only 1% UK audit hours being offshored by Deloitte UK to the firm’s USI centre (a joint venture between the US and Indian firm) the FRC warns that "we understand that the firm is intending to encourage audit teams to allocate USI staff full sections of the audit, in order to give them a better understanding of the work".
"Care is needed in adopting such an approach, given that the USI staff do not visit the audited entity and, therefore, may not always have the necessary understanding of the specific risks associated with the audited entity," the FRC wrote in its report.
At KMPG the FRC said its inspection identified that work undertaken by offshore staff included work on "substantive analytical procedures, reviewing board minutes and reviewing certain third party reports".
"The firm should ensure that such audit work is undertaken by staff with a sufficiently detailed working knowledge of the audited entity in order to be able to identify significant matters."
At PwC despite the commitment to decrease the level of offshoring, "the firm identified certain audit procedures, not involving significant judgment, which it considered appropriate for its offshore service centres to perform", which lead to an increase in the level of audit work carried out by the offshore service centres.
Letterbox company audits
The FRC said that an overall review of the audits of letterbox companies, where virtually all of the work is performed by auditors other than those signing the audit report, continue to raise issues in respect of the control, supervision and review of the audit procedures performed by other auditors.
At EY UK in two of the four such audits, the FRC concluded that significant improvements were required. "In the first of these, the majority of the group audit work was effectively undertaken by a third country EY network firm.
"There was insufficient evidence of the UK firm’s supervision and direction at the planning stage of the group audit the FRC said. For example the FRC could not find evidence of the team’s involvement in the determination and allocation of component materiality levels or their involvement in or review of the inter-office instructions issued by the third country EY network firm. In the second such case the FRC found there was insufficient evidence of the UK partner taking responsibility for leading and supervising the group audit.
The FRC inspection is the tenth consecutive one and is aimed at monitoring firms’ compliance with the regulatory framework for auditing, including the Auditing Standards, Ethical Standards and Quality Control Standards for auditors issued by the FRC and other requirements under the Audit Regulations issued by the relevant professional bodies.
The 2013/2014 FRC inspection cycle reviewed 69 Big Four audits.