Sir Donald Brydon’s independent review into the quality and effectiveness of audit (the Brydon Review) was published yesterday – all 135 pages of it. It is an excellent piece of work covering a variety of issues and making 65 recommendations, a number of other proposals and suggestions, intended “together to stimulate improved quality and effectiveness of audit in the UK. They relate not only to the work undertaken by the auditor but to the part played by others in relation to the audit”.
If all the recommendations are adopted, they will make significant changes to a number of aspects of the work of the audit committee and of the company secretary or governance professional who supports it. Although in many cases they are applicable only to the FTSE 350, it is likely that many of the proposals will be adopted more widely across the market and across sectors.
“The recommendations encompass:
- A redefinition of audit and its purpose;
- The creation of a corporate auditing profession governed by principles;
- The introduction of suspicion into the qualities of auditing;
- The extension of the concept of auditing to areas beyond financial statements;
- Mechanisms to encourage greater engagement of shareholders with audit and auditors;
- A change to the language of the opinion given by auditors;
- The introduction of a corporate Audit and Assurance Policy, a Resilience Statement and a Public Interest Statement;
- Suggestions to inform the work of BEIS on internal controls and improve clarity on capital maintenance;
- Greater clarity around the role of the audit committee;
- A package of measures around fraud detection and prevention;
- Improved auditor communication and transparency;
- Obligations to acknowledge external signals of concern;
- Extension of audit to new areas including Alternative Performance Measures; and
- The increased use of technology.”
Regular readers of our technical briefings, and of articles in Governance and Compliance magazine, will know that our consistent position on all the various consultations relating to the audit profession has been that there are three principal issues that fall to be resolved:
- clarification of the role of audit in order to reduce the huge perception gap that exists between the political, press and public expectation of the role of audit and that which an auditor would perceive it to be;
- fostering a greater spirit of professional scepticism among auditors to remove, or at least reduce, the ‘delivery gap’ that the Financial Reporting Council and others have identified between auditor performance and existing audit requirements; and
- increasing confidence on the part of companies, investors and some regulators in the ability of smaller auditors to perform to the same standard as members of ‘the Big Four’.
We are therefore delighted to see recommendations from Sir Donald that “the Audit, Reporting and Governance Authority (ARGA) together with auditors and the Plain English Campaign produce an appropriately concise guide to audit, explaining clearly what the different elements of an audit report mean as redefined in this Report, and what, just as importantly, they do not mean”, and that ARGA creates “a new profession of corporate auditing … with appropriate education and authorisation” and training to ensure that those auditing companies are appropriately skilled for the purpose.
The Brydon Review goes further to recommend that the purpose of audit be clearly defined in law and regulation as “to help establish and maintain deserved confidence in a company, in its directors and in the information for which they have responsibility to report, including the financial statements.”
The review also makes a number of recommendations around the responsibilities of the audit committee and its chair and the disclosures that the audit committee must make in the annual report.
Some of the other recommendations relating to governance issues include:
- That the directors should set out in a Public Interest Statement (as part of the Strategic Report) how they view the company’s legal, financial, social and environmental responsibilities to the public interest. This Statement should explain how the company has discharged its self-declared public interest obligations and responsibilities, what actions it has taken to mitigate any externalities it has caused during the period, and how effective these actions have been.
- That the audit report should include a new section in which the auditor states whether the company’s section 172 statement is based on observed reality, on the basis of the auditor’s knowledge of the company and its processes.
- That the directors’ Risk Report should be published prior to the audit committee meeting at which the scope of the next audit is determined and endorsed, leaving sufficient time for shareholders to comment.
- Alongside, the audit committee should publish a formal invitation to shareholders to express any requests they have regarding the areas of emphasis they wish the auditor to incorporate in the audit plan. The audit committee should state the auditor’s proposed materiality levels for the forthcoming audit with this invitation.
- That a standing item be added to AGM agendas: questions to the chair of the audit committee and to the auditor.
- That the audit committee publish a three-year rolling Audit and Assurance Policy which would be put to an annual advisory vote by shareholders for approval at the Annual General Meeting.
- That a simple mechanism to enable the workforce to raise issues around risks and assurance should be developed in each company, so that the designated director (or other mechanism) be the recipient of those inputs. The company should then have an obligation to respond to the workforce as to the way in which it has reacted to their requests.
- That the Government gives serious consideration to mandating a UK Internal Controls Statement consisting of a signed attestation by the CEO and CFO to the Board that an evaluation of the effectiveness of the company’s internal controls over financial reporting has been completed and whether or not they were effective, as in SOX 302(c) and (d). This attestation should be received by the Board no later than 28 days before the accounts of the company for the relevant financial period are signed. The Board should then report to shareholders that it has received such an attestation.
- That the board should make a Resilience Statement that incorporates, enhances and builds on the [current] Going Concern and Viability Statements.
- That any Key Performance Indicators used for the purpose of calculating executive remuneration should be subject to audit.
- That amendments are made to the Companies Act to clarify and strengthen the process by which auditors and companies inform shareholders and other stakeholders of an auditor’s resignation, dismissal or decision not to participate in a retender.
- That on the resignation or dismissal of its auditor the company would be required to hold a General Meeting, within 42 days of receiving the letter of resignation or sending a notice of dismissal, at which the departing auditor would be required to answer questions from shareholders; the Board would be required to explain how it proposes to appoint a new auditor and manage the transition, consistent with its Audit and Assurance Policy.
- That audit committee minutes be published with a time-lag of 12-18 months and with approved redactions.