Five years into the project to reform audit and the audit market following the collapse of Carillion in 2018, there is disappointment at the government’s progress so far.
Despite numerous reports and parliamentary inquiries, key pieces of legislation are yet to appear, leaving the UK’s governance regulator without the new powers—or the new identity—proposed by those who advised change.
There has been some progress; the Big Four firms have begun the process of “operational separation”—dividing audit from the rest of their practice divisions—but other big questions are still to be resolved, not least how government will define a new “shared audit” structure, or what new audit committee standards will look like.
Some are encouraged that the Financial Reporting Council (FRC), the UK’s governance and audit watchdog, is pushing ahead with work that doesn’t require new laws. But that still leaves a lot undone.
Law in order
“Substantive change,” says John Boulton, policy director at the ICAEW, a professional body for accountants, “still relies on the primary legislation to establish ARGA [the new regulator replacing the FRC] and equip it with the statutory powers envisaged in the [government’s] feedback statement and it’s a pity that we still don’t have a firm date for this to take effect.”
Carillion collapsed with liabilities of around £7bn, triggering two reviews by House of Commons select committees, followed by three probes ordered by the government looking at the regulation of audit, the audit market and the content of audits.
The process has been arduous, with the government also issuing a 230-page white paper for consultation, followed in May last year by another 197 pages in response and intentions.
And although reform was mentioned in the Queen’s Speech, the legislation has not come forward, a fact that has both observers and practitioners concerned that “momentum” for reform risks being lost as auditors and companies wait for clarity.
Proposed measures
The headline proposals are: a new regulator (ARGA, the Audit, Reporting and Governance Authority) to take over from the FRC; shared audit for public interest companies; operational separation of audit for public interest companies; new “resilience” statement and internal controls measures; and a new set of minimum standards for audit committees.
That’s a simplification of what has been discussed. Some of the work is under way because it won’t need legislation. Mike Suffield, the head of policy at ACCA, the Association of Chartered Certified Accountants, says while delays might have some “legitimate” explanations, the watchdog “has been left to make as much progress as it can in the absence of legislative change, largely on an incremental and voluntary basis”.
Operational separation is one area where the big firms have taken the lead, some even claiming that it has rejuvenated their audit departments.
Paul Stephenson, managing partner for audit and assurance at Deloitte, says the firm “remains committed” to reform with significant changes already made. “This includes launching our independent and audit governance board, ring fencing our audit business three years before deadline for operational seperation and investing significantly in the development of our audit processes and technology.”
Stephenson offers high praise for the FRC and its efforts to push ahead with projects—in collaboration with auditors and corporates—that are not dependent on new laws.
That said, Mike Suffield points out that a close working relationship between the regulator and audits does not mean there has been “any let up in the FRC’s enforcement work”. The biggest penalty ever issued by the FRC came after events at Carillion when a £15mfine was imposed on Deloitte over its audit of the IT firm Autonomy. Last year, KPMG was fined £14.4m for misleading regulators who undertook an inspection of the firm’s Carillion audit work.
While the FRC waits for legislation to turn it into ARGA and endow its watchdogs with new responsibilities and powers, it has issued guidance about the work it has under way.
This includes a consultation on audit committee standards and revising the corporate governance code to reflect “expanded sustainability and ESG reporting”. There will also be revisions to the code to include more reporting of “malus and clawback” arrangements for executive pay.
Nothing personal
Much to the disappointment of many, the FRC will include new internal controls arrangements in the code with “comply or explain” principle. Many observers had wanted a regime similar to that in the US, where it is enshrined in law that directors carry personal liability for internal controls with mandatory assurance by external auditors. The UK’s arrangements have directors making a public statement with the assurance decision left open.
The area left unexplored is managed shared audit, whereby big firms must give some of their work on an engagement to a so-called “challenger firm”. Auditors await definitions with many saying the change will be pointless unless challenger firms receive a “meaningful” amount of work. At this stage, what this means remains murky at best.
A spokesperson for the Department for Business, Energy & Industrial Strategy said the government “remains committed to reforming audit and corporate governance”. It adds that the FRC already has new powers to ban auditors from reviewing large company accounts “where necessary”.
“Legislation will be introduced as soon as Parliamentary time allows,” the spokesperson said.
Those worried about progress will have to wait a little longer.