By Noreen O’Halloran
Noreen O’Halloran considers what the European Union’s Audit Reform project means for audit committees and statutory auditors alike.
The European Union’s (EU) Audit Reform aims to improve the quality of statutory audits and re-establish shareholder confidence and public trust in the statutory audit process. It imposes a number of requirements on the statutory auditor of public interest entities (PIEs) in the EU in respect of several areas such as independence, execution of audits and organisation of statutory audit firms. It also imposes requirements on PIE audit committees to monitor and manage the statutory audit process. Significant enhancements in audit quality are expected to result from these new requirements, but they do not come without imposing additional burden and cost on both PIEs and their statutory auditors.
The August and October issues of Accountancy Ireland featured articles on the changes as a result of the transposition of the EU Audit Directive into Irish law, which took effect on 17 June 2016. Insofar as the rules relate to the conduct of statutory audits or the duties of statutory auditors, the rules are effective for financial years beginning on or after 17 June 2016.This article will focus on the aspects of EU Audit Reform that are designed to enhance audit quality and will impact on audit committees and statutory auditors when complying with the legislation. The legislation introduces significant enhancements to the communication required to be provided by the statutory auditor of a PIE in its audit report and its report to a PIE audit committee. There are also new responsibilities for PIE audit committees in this regard.
Auditor communications and audit committee responsibilities
The new requirements relating to audit reports aim to enhance the value that audit reports provide to shareholders. For financial periods beginning on or after 17 June 2016, the audit report for a PIE will include a description of the most significant risks of material misstatement of the financial statements; a summary of the auditor’s response to those risks; and, where relevant, key observations relating to those risks. These requirements will provide additional insight into the audit process and help increase the value of the audit report for shareholders by providing detailed information about the most significant risks and any critical judgements made during the audit. More informative audit reports will aid shareholders’ knowledge of the PIE and go some way to closing the expectation gap regarding the assurance provided by the statutory audit. These requirements are already in place for entities applying the UK Corporate Governance Code and have been well received. The scope is now extended to all PIEs.
The statutory auditor of a PIE is also required to provide an additional report to the audit committee. This report provides the audit committee with more detailed information such as the methodology used to test the balance sheet captions, distinguishing between direct verification and system and compliance testing, quantitative level of materiality and the qualitative factors considered in setting it. Some of this information may have been previously provided to the audit committee, but it has now become a legal requirement to provide it to a PIE audit committee. The report to the audit committee and the audit report are expected to promote greater transparency around the audit process, thus improving the audit committee’s understanding of key audit issues and how the auditor addresses them. This will ultimately enhance the quality of the audit by allowing the audit committee to better understand and, where necessary, challenge the audit approach.
The legislation sets out additional responsibilities for audit committees, which include overseeing the audit tender process, ensuring that the audit proposals are fairly evaluated and recommending to the board the statutory auditor they believe should be appointed. The audit committee must approve all non-audit services (NAS), while focusing on threats to independence and determining whether appropriate safeguards are in place. Some of these requirements may already be undertaken by the audit committee as best practice, but they are now enshrined in law. Audit committees may need to carry out a gap analysis to identify the steps they need to take to comply with their legal obligations.
The legislation has positive aspects in terms of auditor reporting and audit committee responsibilities, which should enhance audit quality. It is not without its drawbacks, however. The requirements placed on PIE audit committees – in particular regarding the monitoring of auditor independence for EU cross-border groups – will be demanding for PIE audit committees to fulfil.
The Regulation and Directive provided numerous options for member states to implement the various provisions into national law. Member states could expand the definition of a PIE within their jurisdiction. They may permit an extension to the audit tenure period before rotation is required following a tender process, or impose requirements on key partner rotation for a period of less than seven years. Member states may restrict additional NASs or allow the provision of certain tax and valuation services, or impose stricter rules on the NASs’ fee cap. This flexibility has resulted in a patchwork of rules across different EU jurisdictions.
As the legislation is interpreted not to apply extra-territorially, the NAS rules of each jurisdiction will apply to the NASs in the respective jurisdiction. This will become increasingly burdensome and costly on groups operating in a number of member states as they will be required to monitor compliance with local member state rules for all NASs provided to the PIE, its EU parent or any EU-controlled undertaking.
Mandatory firm rotation
The flexibility available to member states when transposing the Directive into local law means that the maximum period permitted before audit firm rotation following a tender process will vary from jurisdiction to jurisdiction. In Ireland, the maximum period before rotation for a PIE will be 10 years. Other member states, including the UK, have opted to permit that the period before rotation be extended for a further 10 years following a tender process, to a maximum period of 20 years. Audit committees of groups with PIEs located in different EU jurisdictions will need to monitor the maximum length of time that an audit firm may be permitted to be engaged as statutory auditor for each individual jurisdiction. As a result of the various options member states have availed of, it will likely not be possible for an entire group to have the same statutory audit firm for the maximum permitted time of 20 years. A group may opt to rotate all auditors for each of the jurisdictions at the shortest maximum permitted time for any one jurisdiction or use a number of different audit firms. Either option will increase the workload of the audit committee due to the reoccurring tender processes. The same issue will apply for a non-EU parent with PIE subsidiaries.
The perception may be that long-standing relationships between a PIE and its auditor results in the auditor becoming overly familiar with the company’s management and running the risk of losing its professional scepticism. However, mandatory firm rotation (MFR) may not be the best way to address this, as MFR may come at the expense of audit quality. Cumulative knowledge about a PIE’s business and the environment in which it operates is essential to ensuring a quality audit. A statutory auditor’s need to be familiar with the PIE and how it operates should not be confused as over-familiarity with management.
Partner rotation requirements, which in Ireland require key audit partners of a PIE to rotate at least every five years, captures substantially all the benefits of MFR in respect of independence and professional scepticism, but in a more cost-effective manner with less disruption for the PIE. Additional costs and disruptions will be incurred by PIEs during the audit firm rotation process, and MFR may risk losing efficiencies from previous audits. The PIE will also incur additional time and costs through providing information to new auditors every 10 years. Furthermore, MFR may result in reduced competition and choice in the marketplace by eliminating the incumbent auditor from the tender process, and possibly other firms due to their provision ofprohibited NASs.
In the US, the Public Company Accounting Oversight Board (PCAOB) looked at the concept of auditor independence arising from MFR but its Chairman, James Doty, confirmed in 2014 that it was no longer working on a project to impose a limited term on auditor relationships. In 2016, PCAOB board member, Jeanette Franzel, noted that PCAOB has made significant progress in improving audit quality which has restored investor confidence. It is interesting to note that PCAOB recognises that significant improvements in audit quality have been achieved without the need to mandate auditor firm rotation.
Ireland has taken the derogation available for tax and valuation services. The UK took the derogation also, but amended it to exclude any tax work that would have more than an inconsequential effect on the audited financial statements. Other member states have not availed of the derogation at all.
These new rules will require advance planning by PIE audit committees and ongoing monitoring of all services provided by audit firms. Audit committees of PIEs with subsidiaries in other member states will need to ensure that the statutory auditors of their subsidiaries are independent with regard to the independence rules in the relevant member state. An increased burden on PIE audit committees is likely as they will need to understand and monitor the compliance of the auditor with independence rules in each member state, as the rules have not been implemented in a uniform way.
Standard setter and supervisory functions
The legislation provides for the independent supervision of statutory auditors, which will be centrally coordinated within Europe by the Committee of European Auditing Oversight Bodies (CEAOB). The Irish Auditing and Accounting Supervisory Authority (IAASA) has been appointed as the competent authority for adopting ethical and auditing standards in Ireland, while the Financial Reporting Council (FRC), the competent authority in the UK, has adopted ethical and auditing standards for auditors of UK entities with effect for periods beginning on or after 17 June 2016. As the audit profession undergoes one of the most significant changes in its history, the FRC has responded by issuing one set of ethical and auditing standards that captures all the requirements arising from EU Audit Reform.
IAASA has not yet clarified the audit framework that will apply in Ireland, which creates significant uncertainty for PIEs and statutory auditors in Ireland. IAASA issued a public consultation paper on27 October 2016 to seek views on which audit framework should be adopted. It is IAASA’s intention, subject to a licence agreement, to temporarily adopt an Irish version of the FRC’s audit framework in respect of periods beginning on or after17 June 2016.
IAASA outlined in its consultation paper three options that it is considering as a longer-term solution. The optimal approach for Ireland would be for IAASA to develop an audit framework similar to that of the FRC, which would give a single set of ethical and auditing standards to be applied in Ireland. The alternative may be an audit framework that includes an assortment of professional standards and legislation encompassing a new IAASA Ethical Standard, International Standards on Auditing issued by the International Auditing and Assurance Standards Board (IAASB) combined with Regulation 537/2014, SI 312/2016, and Companies Act 2014 (if applicable). This type of audit framework would result in significant additional effort in the execution of audits of Irish entities.
Independent supervision of statutory auditors is a welcome development. IAASA is now the overall body responsible for oversight of statutory auditors in Ireland. Its remit includes overseeing statutory auditors and the conduct of how statutory auditors carry out audits. It also has the ability to carry out investigations regarding possible breaches of legislation, auditing standards and certain provisions of Companies Act 2014, and to impose sanctions on auditors where any breaches are identified. Recognised Accounting Bodies (RABs) are no longer responsible for the supervision of PIE audits. It is likely that RABs will continue to inspect non-PIE audits, however. This dual inspection of audit firms will increase the cost of supervision and monitoring of statutory audit firms, as audit firms will be levied with the costs arising from IAASA’s Audit Inspection Unit in addition to the fees levied by the RABs.
Re-establishing shareholder confidence and increasing audit quality is critical and the new rules will help address these issues. Enhancing the information provided in the audit report and also the additional information provided to the audit committee will lead to improved public trust and audit quality.
The new legislation promotes the fundamental principles of integrity, objectivity and independence, and plenty of opportunities lie ahead to better serve shareholders. But this does not come without additional cost and effort for PIEs and statutory auditors arising from the effects of MFR, monitoring NASs in cross-border groups, and navigating the increased complexity arising from the legislation.
The legislation has provided for independent supervision of statutory auditors across Europe. The PCAOB has noted that audit quality has improved since the implementation of audit regulatory oversight in the US. However, the inspections of audit firms by both IAASA and RABs will lead to additional costs for audit firms in Ireland. A strong, independent audit committee is critical to ensuring that audit quality is to the fore. Whether the costs of implementing the legislation will be outweighed by the benefits for shareholders arising from increased audit quality and enhanced public trust in statutory audits will remain a question for many years to come.
Noreen O’Halloran ACA is an Associate Director in KPMG’s Department of Professional Practice.