(c) Chartered Accountants Australia and New Zealand. Contact Chartered Accountants Australia and New Zealand for permission to reproduce this article.

Audit and Assurance

A roadmap to the future of audit

How can the public’s confidence and trust in audit be strengthened? CA ANZ has developed a 15-point plan.

By Lynda Dugdale

A good audit is all about trust. Can you trust the numbers? Can you trust the finance team that crunched the numbers? Can you trust the audit partner? Can you trust the audit committee to have asked the right questions?

In the vast majority of cases, the answers are yes, yes, yes and yes.

But a member of the general public could be forgiven for thinking otherwise, based on media coverage of late.

In recent years, the audit profession globally has faced a barrage of regulatory reviews and inquiries that have created a rash of sensational headlines, including those bemoaning “appalling” audit quality and calling to break up the Big Four.

It hasn’t been the most nuanced public debate. That’s a shame, given audit quality is so vital for markets and the economy. Leading accounting and audit industry bodies such as the International Federation of Accountants (IFAC), the Association of Chartered Certified Accountants (ACCA) and Chartered Accountants Australia and New Zealand (CA ANZ) are at the forefront of advocating for stronger audit quality frameworks. This has been the case since long before the UK’s Brydon Review into the effectiveness and quality of audit started making headlines around the globe.

The inquiry, headed by the outgoing chair of the London Stock Exchange, Sir Donald Brydon, is due to report by mid-January 2020. It was launched after the collapse of UK construction giant Carillion in 2018, which is forecast to cost UK taxpayers £148 million (A$279 million).

In Australia, a Parliamentary Joint Committee inquiry into the regulation of audit is due to report by March 2020. Professor Roger Simnett AO, chair of Australia’s Auditing and Assurance Standards Board (AUASB), welcomes the inquiry but stresses the need for a calm and informed debate.

“We need to make sure that the criticism and reviews are as evidence-based as possible,” Simnett says. “It’s incumbent on all the parties to provide as much evidence to support their views as they can, so that we can take these forward.

“Let’s make sure it’s run on Australian issues and not on overseas issues. I know it’s an international profession and it’s an international economy, but let’s bring to these inquiries the best evidence we can from Australia.”

What is CA ANZ’s plan for audit quality?

It’s important to acknowledge that audit quality standards in Australia and New Zealand are already high and subject to some of the strongest regulatory frameworks in the world, notes CA ANZ reporting and assurance leader Amir Ghandar CA. That said, Ghandar doesn’t shy away from a real opportunity to further strengthen audit quality frameworks.

“CA ANZ have long been at the forefront of advocating for better standards and other reforms to strengthen the audit quality ecosystem, and we are continuing to do that,” he says.

In its submission to the current parliamentary inquiry, CA ANZ unveiled a 15-point roadmap to the future of audit and risk. It has three priority areas:

  • increasing public confidence in audit
  • ensuring the continued relevance of audit scope and risk coverage
  • continued strengthening of audit quality.

CA ANZ developed the plan following input from members, investors, regulators and other stakeholders.

“The public has a fair and reasonable expectation that auditing and other lines of defence will protect them from risks and shocks in their financial and consumer lives, and will similarly provide confidence, integrity and transparency in business,” Ghandar says.

“There is a need to revisit independence rules and the assessment of how conflicts of interest are mitigated in an effort to keep pace with expectations.”

Fewer conflicts of interest, more confidence

Concerns, both real and perceived, about auditor independence pose a threat to public confidence in audit. This is especially true with large firms that perform audits and also house large consulting practices, and when organisations have developed close relationships with their auditors over many years.

In Australia, there is currently no legal requirement for organisations to rotate their audit firm (although periodic rotation of the lead audit partner is obligatory). CA ANZ has recommended that major listed companies and financial institutions review their audit provider at least every 15 to 20 years and, when audits are not put out to tender, report why.

Some pundits have voiced concerns about the potential risk of auditors-turned-company directors using their relationships with former colleagues to influence the outcome of an audit. To combat this perceived risk, CA ANZ suggests that when a former audit partner joins a board, the entity should be prohibited from appointing the director’s former employer as its auditor for at least five years.

CA ANZ has also called on companies to be more transparent about their reasons for removing an auditor, and for greater regulatory oversight of auditor removals.

In addition, CA ANZ recommends strengthening the prohibitions on non-audit services that firms can provide to their audit clients, as well as clarifying fee disclosures.

Scope to cover all relevant risks in audit

Ghandar says CA ANZ would like to see a government review of the ‘seven lines of defence’ in audit: management; compliance and risk; the internal audit function; the board; the external auditor; regulators; and institutional investors.

One of the biggest challenges for the audit profession when it comes to maintaining confidence is that the public’s understanding of what auditors do is very different to the actual scope of their role.

This has been true for decades. It’s compounded every time a company collapses and politicians and commentators cry foul that the auditor did not prevent the impending disaster. Ensuring the ongoing viability of a company’s strategy is not the job of its external auditor but rather of its management and, ultimately, its board.

Even so, the consensus now is that the business environment has become so complex the scope of audit does need to evolve; not just to satisfy the public, but to provide a best-in-class service that genuinely adds value.

Historical financial statements are no longer enough. Investors want to know about fraud and misconduct, cybersecurity and data privacy issues, consumer protection in financial services, whether the company uses its resources in an environmentally sustainable way – even the sustainability of the business model.

It’s worth noting that the 2019 Australia Investor Confidence Survey, conducted by CA ANZ with the help of the Center for Audit Quality (CAQ) in the US, found that 87% of retail investors have confidence in public companies’ audited financial reporting. But clearly there is still potential for improvement.

CA ANZ has called on corporate boards, in particular their audit and risk committees, to do a better job of reporting on the threats to their business model. CA ANZ is also urging directors to clarify accountability for internal controls and risk management, and to develop an integrated line of defence against key operational and emerging risks – including cybersecurity and data threats, fraud, misconduct and consumer protection.

CA ANZ is also recommending mandated digital corporate reporting. Ghandar says this would allow for more consistent, customised financial disclosures, while apps could provide bespoke analysis of data for different stakeholder groups.

Mandated digital reporting would also open up the possibility of more timely and continuous assurance. Rather than an auditor coming through once or twice a year, it could be done on an ongoing basis.

“That has to be the way forward,” Ghandar says, but he warns standards will have to keep pace.

Clarifying regulatory oversight

The 2017-18 audit inspection report, released in early 2019 by the Australian Securities and Investments Commission (ASIC), found that in 24% of 347 key audit areas, auditors in Australia failed to obtain reasonable assurance that financial reports were “free from material misstatement”.

This followed a 25% failure rate in 390 key audit areas recorded in the previous 18-month period – a result former ASIC boss Greg Medcraft was widely reported as describing as “appalling”. ASIC commissioner John Price said the latest numbers represented an improvement at the largest six firms but suggested that “further work and, in some cases, new or revised strategies, are needed to improve quality”.

However, many in the industry have noted that the phrase ‘failure rate’ makes the results sound worse than they are and is confusing for the public.

While CA ANZ acknowledges the scope for improvement, the organisation wants more clarity about this area of regulatory oversight. CA ANZ would like ASIC to develop an audit quality scorecard with a three-grade severity scale applied to all audit inspection findings.

“Transparency is one way to address the confusion of those inspection results,” Ghandar says.

CA ANZ has also called on companies to clarify and formalise the remit for their audit committees, to make them more independent from management decisions in relation to procuring resources, determining fees and setting the scope of the assurance engagement.

CA ANZ also recognises that more needs to be done to improve auditors’ fraud detection skills.

What is the case for multidisciplinary firms?

In addition to the Brydon Review, another UK inquiry that made headlines in 2019 was the Competition and Markets Authority’s (CMA) statutory audit services market study. Its final report, released in April, considered whether professional services firms should be forced to split off their audit arms altogether.

The CMA found against this idea, on the basis it would actually be detrimental to audit quality; instead, it opted for more internal operational separation between auditing and other divisions within firms. The CMA did note that if other measures to improve competition in the UK audit market were unsuccessful, it might reconsider the question in five years.

Would splitting up the Big Four (Deloitte, EY, KPMG and PwC) be the answer to improving confidence in audit quality? A recent joint report from IFAC, ACCA and CA ANZ concludes it would not.

The report, Audit Quality in a Multidisciplinary Firm: What the evidence shows, argues that multidisciplinary firms have serious advantages when it comes to meeting expectations of an increasingly broad scope of audit work and can deliver this with integrity and independence.

Maggie McGhee, executive director, governance at ACCA, says multidisciplinary firms contribute to, rather than detract from, audit quality because of the knowledge experts they bring to the table. The career opportunities they offer allow them to continue to attract the brightest and best.

“Audit has gone through a huge evolution over recent years as businesses have become more complex – in the nature of what they do but also in the business models they [employ]. To undertake a good-quality audit, it’s really important that specialists are engaged,” McGhee says.

Audit Quality in a Multidisciplinary Firm found that audits require staff with a range of experiences and expertise – such as valuation specialists, actuaries, geologists, and experts in financial instruments and information technology.

Geoff Roberts FCA, who is chief financial officer at employment and education group Seek, says the varied skillset multidisciplinary firms bring is essential. Roberts has a strong background in audit himself, including 25 years at Deloitte, a stint as chair of the audit committee at AMP and more than a decade as a CFO at ASX-listed companies.

“I’ve seen it from both sides,” Roberts says. “I’d be very disappointed and I think the quality of audit would go down if the Big Four broke off their audit practice or their audit and tax practice. They wouldn’t be able to retain the talent to give us the other views that we’re expecting in a normal audit or wider advice on the financial statements.”

Kevin Dancey, chief executive of IFAC, argues that it’s critical an audit practice has the right people with the right talent, the right sense of judgement and professional scepticism – particularly within the audit partner.

“We need to have a business model that attracts those types of people and a multidisciplinary firm has a much higher chance of attracting the skillset you need in the audit partners than an audit-only firm,” Dancey says.

He points to several studies, including one the Institute of Chartered Accountants Scotland and the UK’s Financial Reporting Council conducted in 2016, that demonstrate the benefits of audit firms having a wide range of expertise in-house.

CA ANZ’s position is that multidisciplinary firms have an important role to play in providing high-quality audits for large and complex entities.

“It’s part of the deal that the transparency, governance and independence rules must carry the weight of making sure there is public confidence in the firm,” Ghandar says. “A firm that has audit as well as other services must be able to demonstrate that a firm-wide culture of integrity will provide the right incentives for high-quality audits.”

AUASB chair Simnett says the scrutiny of the multidisciplinary firm model is understandable, given the public interest in audit work.

“Audit has a public-interest element to it. We audit on behalf of the public or the stakeholders,” he says. “The other elements of these multidisciplinary firms have much more of a consulting basis – they’re done for the benefit of the client. I think it’s incumbent on us to keep an eye on these things to ensure the auditing, as such, is not being adversely affected.”

He does not believe, however, that there is any evidence the multidisciplinary firm model is harming audit independence or quality. “I know of no evidence that it is being adversely affected,” he says.

Simnett notes that the Code of Ethics issued by Australia’s Accounting Professional & Ethical Standards Board already provides tight controls on which non-audit services can be provided to audit clients and current revisions indicate the code will probably impose an even harder line in the future.

Embrace technology to future-proof audit

PwC Australia managing partner, assurance, Matt Graham FCA says the latest parliamentary inquiry into audit is an opportunity for all players in the ecosystem to contribute ideas about how quality can continue to improve.

“It’s time for not just the profession of auditing but for all the people involved in preparing, reviewing and regulating financial statements… to lean into that discussion and talk about what a future-focused, technology-enabled, relevant audit looks like in the future,” Graham says.

He believes that the scale of large multidisciplinary professional services firms contributes to audit quality because they can invest in market-leading technologies, advanced data analytics, quality processes and continued learning and development for staff.

“The smaller you potentially make the firms, the less opportunity for investment in the future,” he says.

This is especially true at a time when the potential for emerging technologies to revolutionise the delivery of audit services is so huge. Already, robotic process automation can speed up tasks such as reconciliation, enabling auditors to spend more time challenging findings and asking more insightful questions about complex business operations.

The ACCA’s McGhee notes that technology-enabled processes give audit committees access to richer data about the company, which means they can more fully engage with the work being undertaken – leading to more informed questions, challenges and insight.

Continued advancements in machine learning and other fields of artificial intelligence are tipped to further alter audit in the next few years. Likewise, blockchain, with its promise of an immutable ledger, is another nascent technology expected to have a profound effect in the fields of audit and assurance. Even drone technology is starting to be applied in these areas. Keeping pace is a challenge the profession is ready and willing to tackle.

“We have to adapt,” says AUASB chair Simnett. “If we don’t, then the product we are producing and the service we’re producing will become out of date and the profession will be doing just a small amount of what it could possibly do.”

Ghandar concurs: “The profession is ready for change and is embracing it. We have to be head and shoulders above other groups and industries because we have a privileged place of trust and we have to work to maintain that.”

15 steps to strengthen audit quality and risk management

CA ANZ’s 15-point audit quality roadmap covers three key areas: public confidence in audit, the relevance of audit scope, and strengthening audit quality.

Confidence

Independence rules and how potential conflicts are mitigated should keep pace with public expectations.

1. Clarify and strengthen non-audit services independence rules:

(a) Strengthen prohibitions on non-audit services provided by firms to companies they audit.

(b) Pre-approval by audit and risk committee for non-audit services.

(c) Clarification of fee disclosures.

2. ‘If not, why not’ governance review of audit tenures: Review of auditor appointments across major listed companies and financial institutions every 15-20 years.

3. Stricter relationship independence rules: Where a former audit partner joins a company board, their previous employer should not be allowed to audit that company for five years.

4. Enhance firm transparency and governance: Audit firms to report on what they are doing to oversee the compliance, quality and independence of their audits.

5. Introduce transparency and oversight of auditor removals: Companies should disclose the reasons for removal of auditors.

Relevance

Addressing risks to business, such as fraud and misconduct, must involve all lines of defence.

6. Integrated lines of defence on risks facing business and consumers: Develop an integrated approach to lines of defence on key risks facing businesses and consumers, such as cyber/data risks, fraud, misconduct and consumer protection.

This should encompass the roles of:

  • management/CFO
  • compliance
  • internal audit
  • board/audit and risk committee
  • external auditor
  • regulators
  • institutional investors.

7. Clarify accountability for the internal control environment and risk management: Reporting on internal risk-management frameworks.

8. Corporate reporting clarity and relevance: Mandate digital reporting and support continued engagement with international standard-setters.

9. Transparency on business failure risks: Reporting on key risks to business continuity and how these are mitigated.

10. Don’t overburden smaller businesses: Audit arrangements should be proportionate to the size and nature of the business.

Quality

Improving audit quality demands robust oversight and the continuous sharpening of auditors’ skills.

11. Clarify regulatory oversight on audit quality: Support ASIC’s development of a balanced scorecard on audit quality; bring in three-grade severity scale for inspection findings.

12. Formalise audit and risk committees: Clarify the committee remit; enhance the committee skillset; implement safeguards for independence from management.

13. Engage investors with the audit: Engage investors in auditor appointment and fee setting through audit and risk committee chair reporting, and involvement at annual general meetings.

14. Multidisciplinary firms with reinforced independence and transparency: Implement strong independence rules for auditors within multidisciplinary firms.

15. Improve auditors’ fraud detection skills: Implement profession-wide fraud detection training for auditors at all levels.