FRC to strengthen oversight of large audit firmsby
The UK accounting regulator has published a new audit firm governance code that aims to strengthen independent oversight of the largest UK audit firms.
The new code from the Financial Reporting Council (FRC) applies to the Big Four audit firms and firms that audit FTSE-350 companies and significant numbers of public interest entities (PIEs).
With the aim of strengthening the regulator’s oversight and governance, the report outlined that the code will provide a framework for good governance practice, promote audit quality and ensure firms take account of the public interest in their decision-making.
The code would also require audit firms to embed a “speak up” culture and to focus on the long-term sustainability of the firm and employee engagement.
Firms will have to implement the principles outlined in the code by 30 September 2024 and provide a transition timetable “as soon as practicable”.
The FRC used the findings of a monitoring programme to identify the scope to strengthen its oversight and governance and to align the provisions of the code with operational separation for the Big Four firms.
Comments on the code
The code comes as the Financial Times reports that the FRC is gearing up to announce new powers that will empower the regulator to strike off firms carrying out poor-quality work.
“The revised Audit Firm Governance Code further strengthens the governance and independent oversight of the largest audit firms to ensure audit quality is prioritised,” said FRC’s executive director of supervision, Sarah Rapson.
“Well-governed audit firms that act in the public interest are more likely to deliver a high-quality audit on a consistent basis. This will benefit investors, pensioners, taxpayers and users of financial accounts.”
Responding to the announcement, Big Four firm EY said, “Audit quality remains our key priority and we will be considering the implications of the FRC’s revised audit firm governance code and any necessary changes for our business in due course.”
Meanwhile, Stephen Griggs, UK managing partner at Deloitte said, “Deloitte has long recognised the benefits of strong governance and we voluntarily established our Audit Governance Board (AGB) in January 2021, ahead of the FRC’s 2024 deadline. Strong audit firm governance is important and we are supportive of measures that strengthen it, as well as enhance audit quality and improve choice in the audit sector.”
Key areas of the code
The principle of the code is broken down into five key areas:
- People, values and behaviour
- Operations and resilience
- INEs and ANEs
- Operational separation.
As explained in the leadership section, the code would also separate the role of the board chair. This means that the chair of the board should not also chair parts of the management structure or be the managing partner.
The other notable leadership principles include the need for at least half a firm’s board to be selected from partners without significant management responsibilities within the firm. It also emphasises the importance of a firm’s governance structure and that management should be subject to “formal, rigorous and ongoing performance evaluation”. In addition, there should be a formal annual evaluation of the performance of the board.
The consultation also raises the need for these firms to disclose in its annual transparency report the names and job titles of members of the firm’s governance structures and its management, how they were appointed and how its governance structures operate.
People and values
The main takeaway from the people and values section is the need for audit firms to “foster and maintain a culture of openness, which encourages people to consult, challenge, contribute ideas and share problems, knowledge and experience in order to achieve quality work in a way that takes the public interest into consideration”.
In order to do this, the FRC said the firm’s management board should “establish the firm’s purpose and values” and have a code of conduct.
Audit firms are advised to promote a commitment to quality work and professional judgment, which is driven by the “right tone at the top and the firm’s policies and procedures”.
A key component of rolling out a culture of openness is through promoting inclusion and encouraging people to speak up and challenge “without fear of reprisal”. Elsewhere, audit firms are encouraged to introduce meaningful key performance indicators on the performance of its governance system.
Operation and resilience
The next section continues the need for openness, yet this time it’s the need to share information openly with the FRC.
The regulator states that a key principle is that a “firm should communicate with its regulators in an open, co-operative and transparent manner”.
Elsewhere, the code requires firms to be resilient in how they operate. This means that firms should collect and assess management information to evaluate the effectiveness of their policies and procedures and their operational decision-making.
In order to support the way firms provide information to the regulator, firms are encouraged to develop “robust datasets” and “effective management information”, which would support the monitoring of their audit activities.
The paper also reinforces the role of the independent non-executive (INE) within an audit firm. For example, where a firm assesses and monitors culture, the INEs should be involved in this review. Alongside the board, the INEs should also oversee the compliance of the firm’s code of conduct, which should be disclosed on its website.
The majority of the paper is primarily directed at firms applying the code, but there is a section dedicated to the roles of the INEs and audit non-executives (ANE) and sets out ways for a clearer distinction between the roles.
Who should adopt the code?
The FRC encourages all that audit PIEs to adopt the code and expects those firms that audit 20 or more PIEs to apply it or if they audit one or more FTSE 350 companies.
Firms that do not audit any FTSE 350 companies, or if the number of their PIE audits drop below 10, do not need to apply the code.
The FRC explains that firms that do not meet the thresholds can apply the code in “a manner proportionate to their size and the nature of the entities they audit”.