KPMG faces a record-breaking fine of £26.5m for failure on the 2018 audit of Carillion, the construction giant that collapsed prompting a five-year pursuit of audit reform that is still to be resolved.
The fine exceeds the previous record-breaking figure of £20m, also against KPMG, for misleading regulators during a routine inspection of audit work at Carillion and Regeneris.
The £26.5m is discounted to £18.5m to reflect KPMG’s co-operation in the investigation. In addition, KPMG is also fined £3.5m for failing on the 2013 audit of Carillion, reduced to £2.45m.
Partner Peter Meehan, in charge of the 2018 audit, is fined £500,000 (reduced to £350,000), while Darren Turner, who led the 2013 work, is fined £100,000, cut to £70,000.
KPMG has now been fined cumulatively £30m for its work at Carillion, reduced to a total of £21.5 in return for cooperation.
The Financial Reporting Council’s chief executive, Richard Moriarty, says KPMG was a “textbook case study in failure”, with safeguards “missing” that should have been in place during the audit.
“Although primary responsibility for the failure must lie with the directors of the business and those who failed to meet the expected audit requirements,” says Moriarty, “it also helped to shine a light on the need to modernise the legislative framework for audit regulation.”
Regulators say the “number, range and seriousness” of failings in the Carillion audit prior to its collapse were “exceptional”. The FRC says flawed audit involved a lack of professional scepticism, a failure to challenge management and a “loss of objectivity”. This, watchdogs say, includes work on Carillion’s “going concern” statement in which auditors are expected to weigh whether a company faces “real threats” to its survival.
KPMG’s records of the audit work were considered “unreliable” and, in some cases, misleading. The FRC says that on some occassions Peter Meehan ordered staff to record his work on working papers “without ensuring he had in fact performed such a review”. The FRC says in a statement this showed he “failed to act with integrity”.
The government ordered a series of three major reviews following the collapse of Carillion, looking at audit regulation, the audit market, and the content of audit alongside audit responsibilities (including to uncover fraud).
The reviews ended in a series of recommendations, topped by the creation of a brand new regulator, The Audit, Reporting and Governance Authority (ARGA), with a new set of powers.
The wait of expectation
However, although the FRC has completed much of the preparatory work for becoming ARGA, the government is yet to pass the necessary legislation to create the body and give it power.
Last month, it emerged that the government is unlikely to move on reform before the next election. It remains unclear whether audit will be mentioned in the legislative agenda to be set out in the King’s Speech next month on 7 November.
In a countermove, the Labour Party made commitments to push ahead with reform, though there is little clarity over timing.
There remains much frustration about progress of the reforms. Anne Kiem, chief executive of the Chartered Institute of Internal Auditors, says: “The latest fines issued by the Financial Reporting Council … once again underline the urgent need for government to get on and publish the Audit Reform Bill it promised over a year ago.
“This legislation is urgently needed to put the audit regulator on a statutory footing with the legal powers it needs to do its job effectively.”
A raft of reforms
A new regulator was not the only reform floated as a response to Carillion. Recommendations also included the introduction of “managed share audits” to improve competition in the audit market; operational separation of audit departments from other departments to improve the independence of auditors; a set of new minimum standards for audit committees covering their relationship with audit firms; and new reporting requirements for audit committees on internal controls and risk management.
The FRC has completed work on audit committee standards but will need legislation to be able to impose and enforce them.
Managed shared audit, highly controversial among audit firms, will also require mandating through law.
Big audit firms moved forward with restructuring and separation before it was imposed.
The internal controls measures are being implemented through a current review of the UK Corporate Governance Code. Rather than being mandatory, they will be subject to the “comply or explain” principle, a decision that disappointed many in the sector who had pushed for measures closer to the US Sarbanes-Oxley (Sox) Act, brought after the collapse of Enron and WorldCom in 2001 and 2002.
KPMG now has the dubious honour of having received three of the biggest five fines. Before the fines for the Carillion audit and misleading regulators, KPMG was fined £13m for its work on the audit of mattress maker Silentnight.
The collapse of BHS, a department store that went bust in 2016, saw auditor PwC, the world’s largest audit firm, fined £10m.
The Carillion fine illustrates the high stakes and public interest when auditing big companies. The UK has reforms waiting in the wings, changes that have much support. All the government has to do is put them into law.