Save content
Have you found this content useful? Use the button above to save it to your profile.
audit concept | accountingweb | FRC’s Ethical Standard update 2024
iStock_parradee_kietsirikul_audit_rules

How will the new audit rules affect your firm?

by

The Financial Reporting Council has updated the ethical standard for auditors. Julia Penny looks at what impact this will have on firms and the quality of audit.

17th Jan 2024
Save content
Have you found this content useful? Use the button above to save it to your profile.

The expected update to the ethical standard (ES) for auditors was issued by the Financial Reporting Council (FRC) on 15 January. The updated standard does three main things:

  • simplifies the standard and adds clarity to areas that were causing issues for auditors and assurance providers
  • incorporates the updates made to the International Ethics Standards Board for Accountants (IESBA) code
  • adds a targeted restriction on fees from entities related by a single controlling party.

At the same time the FRC has issued guidance for auditors on the application of the objective, reasonable and informed third-party test (ORITP test), which many of the requirements in the ES are predicated on. The guidance is not prescriptive but highlights ways in which firms can ensure they take account of the ORITP, such as using panels of such individuals to give prospective or retrospective views on ethical decisions.

The consultation draft for the ES was issued in August 2023. The resulting feedback statement issued in January with the new standard, sets out the original objectives and a summary of the views of respondents. Let’s look at some of the key changes and their implications.

OEPIs and PIEs

One of the most noticeable points from the feedback statements is the universal desire of those responding to remove the other entity of public interest (OEPI) category. Many also wanted the new definition of a public interest entity (PIE) to be simpler and aligned between the various definitions within statute, the FRC ES and the IESBA code. The FRC commented that it cannot change the PIE definition, only government can do that, but it stated that it was highly likely that the FRC would amend or withdraw the OEPI category, once details of any new statutory definition for PIEs is known. 

We can only hope for a future PIE definition that is understandable and workable. At present, working out if you are providing services to a PIE can often be tortuous and potentially lead to inadvertent, but significant, breaches of regulations and standards if you incorrectly conclude an entity is not a PIE. It is forever a source of frustration that regulations can be so opaque, and that following them becomes a minefield.

Breaches reporting

The standard has also been revised concerning the requirement for reporting breaches to the FRC. The ES now specifically requires the engagement and ethics partners to consider the perspective of an ORITP in making judgments on whether it is necessary to resign from an engagement or what safeguards are required. In the additional guidance issued on the ORITP test there is a discussion of the possible use of panels of relevant individuals to help test whether the conclusions of the audit and ethics partners properly meet the test. It is clear that firms will need to be careful to show how they have considered the ORITP test, rather than just treat it as something that could be considered in a court or during enforcement procedures.

Much to everyone’s relief, the original proposals to, in effect, treat all breaches not picked up by the firm’s systems as “not inadvertent” have been dropped. Instead, the previous requirement to use professional judgment to determine if a breach is inadvertent is retained. This seems only fair given that the definition of inadvertent is usually taken to be “not resulting from, or achieved through, deliberate planning”. It would have seemed unduly harsh to then say that a system not picking up on a breach is therefore deliberate action to breach the standard. 

While the focus on the detailed description of what is inadvertent might seem pedantic, it is vitally important. An inadvertent breach is stated to not necessarily call into question the firm’s ability to give an audit or other public interest assurance opinion (see 1.25 of the ES). Conversely, it would seem therefore that a breach not classified as inadvertent would be almost certain to indicate the firm would be unable (from an ethics viewpoint) to provide the relevant audit or public interest assurance opinions.

Clarifications to additional requirements

A new paragraph (1.46) has been added that summarises where additional requirements relating to certain types of entity exist. Respondents to the consultation indicated that this was helpful, given the current minefield of requirements. The new paragraph sets out which additional requirements apply to the following entities:

  • PIEs as defined in UK law
  • listed entities only (including such entities that are PIEs, both as defined in UK law and in the definition of a PIE in the IESBA code)
  • listed entities and PIEs, both as defined in UK law, and in the definition of a PIE in the IESBA code. 

While the paragraph is helpful, it does highlight, given that there are between five and seven extra requirements for each of the above categories, how complex the underlying legal situation has become. It is easy to see that firms might breach the standards despite best efforts to comply, given the complexity. It is even easier to see the increased costs of compliance that such complexities give rise to. The FRC has been directed by government to include a focus on improving the competitiveness of UK plc and, while the FRC can do nothing about the PIE definition, surely the government should follow its own advice and ensure that definitions are simple (or as simple as possible) and aligned. This would reduce costs and help to prevent slight differences in requirements creating gaps down which the unwary can fall. 

Partner and staff rotation

The wording and presentation have sought to combine the rules and the separately published FRC guidance, to make it easier to understand. There is also now a helpful table in paragraph 3.22 summarising the requirements as they apply to individual partners in various roles, for the different entity types.

Fees

One of the more substantive changes is the consideration of independence based on fees received by the firm. Previously the requirement stated that where the total fees for services from a public interest entity or other listed entity and its subsidiaries relevant to a recurring engagement by the firm exceeded 10%, the firm resigns or does not stand for reappointment. The new wording strengthens this by adding to the group concept, that if the fees are from a collection of entities with the same beneficial owner or controlling party (which is not a corporate entity) this also counts towards the 10%. 

Arguably, given that the 2019 ES states that the overriding objective to ensure independence applies, as well as the specific rules, firms may already have taken such situations into account when deciding on their independence. Presumably the FRC found that this didn’t always happen and so have made the change to the requirements. This highlights the fact that a list of detailed rules, even where principles are supposed to be followed in addition to the rules, can often lead to an overly rules-based approach, leading to the need for more rules! 

The change is perfectly logical though, as the fee limit is designed to protect the independence of the firm. If you are getting 10% or more from a particular client group, and issuing a qualified opinion could risk you losing such a large amount of fees, you might be more reluctant to do so. But if you have a collection of companies, all ultimately owned by the same individual, the risk is the same. If you issue a qualified opinion on one entity, you risk losing all of those related entities, even though they aren’t in the same corporate group. 

IESBA changes

The IESBA code is in some cases more stringent now, so amendments have been made to match the requirements and to address some findings in FRC inspections in relation to non-audit services. In summary, changes have been made to prohibit more IT services, tax services, recruitment and remuneration services and corporate finance services. 

Financial interests of individuals

There is also a tightening up of what happens if there is a breach to the requirement not to have a financial interest (except as specified) in an entity relevant to an engagement. As well as disposing of (or part disposing of) the interest, and not being a covered person for that engagement, if the breach arose from a material prohibited financial interest or a prohibited transaction in a financial instrument, the individual is also excluded from any role that means they would be operating in the same office or business unit as the engagement partner if they themselves are not the engagement partner (see 2.9 and 2.10 for further information). This could mean that someone would need to change office or department, so it is even more important to ensure the requirements are not breached.

Audit cap and ESG assurance 

While not addressed in the standard there are concerns about the 70% cap on non-audit fees for a PIE audit, particularly for existing or future ESG assurance work as it is currently not statutorily required from the auditor. The FRC has no power to change the definitions used in the cap, but it will report the concerns back to the Department for Business and Trade.

Effective date

The new standard becomes effective on 15 December 2024, though firms may complete engagements relating to periods commencing before 15 December 2024, according to existing ethical standards. 

Independence of firms

So what impact is this new standard going to have on firms and on the actual independence of firms? 

Most significantly, there may be firms impacted by the new restriction concerning clients that have the same controlling party, even though they are not part of the same group of entities. The fee limits might be exceeded, meaning that the firm must resign, or they might be at a level below the need to resign, but requiring additional safeguards. This may genuinely improve independence in terms of fee reliance in some cases.

In addition to this change, there are some more minor changes in prohibited non-audit services and all firms will need to carefully reassess whether any of the changed requirements impact their ability to act. But the changes are not huge.

Firms will need to spend time carefully considering the changes, just in case they impact them and of course, policies, procedures and systems will all need changing. But will there be a big impact on the quality of audit? I suspect not. Being independent isn’t just about following rules and principles. It’s about truly understanding the nature of audit, noticing when something is going to impact independence or quality and doing something about that. Even if the something is resigning. It is about ethics, in its broadest sense, not just about a big list of (nonetheless vitally important) rules.

Tags:

Replies (5)

Please login or register to join the discussion.

avatar
By Justin Bryant
17th Jan 2024 15:48

They can bring in a million new audit rules/standards, yet nothing will change re audit quality unless/until an auditor is truly independent of their client re audit fees e.g. only with someone like NAO doing the job would you get that; otherwise there is always that basic conflict of interest re auditor's fees paid by the very clients they are auditing.

Thanks (4)
Replying to Justin Bryant:
avatar
By FactChecker
17th Jan 2024 19:38

Totally agree ... but isn't it actually (if subtly) worse?

I thought the Audit was to protect (or at least inform) the shareholders - who do get to pay (indirectly) for the process/report, but can typically place no reliance on it.
Because, the 'directing minds' are simultaneously those who ... appoint the auditors / interact with the auditors / and (through the leverage of that 1st point) get to be the prime influencers on what is excluded/included or re-phrased - oh and who are most directly affected in their personal pockets by the 'agreed' results.

So it's not just 'independence' that's needed, but complete divorce from the Board at every level.

Thanks (4)
Replying to FactChecker:
avatar
By Justin Bryant
18th Jan 2024 08:41

Yes; the whole audit thing's a scam pretense basically (unless done by the likes of NAO).

Thanks (2)
avatar
By paul.benny
19th Jan 2024 09:59

It’s a very jaded and cynical view to suggest that because auditors are paid by client they cannot be independent. Sounds like you’re not familiar with the provisions of the UK Governance Code and Audit Committee Standard, which include principles such as requring the board to:

Quote:
.. establish formal and transparent policies and procedures to ensure the independence and effectiveness of internal and external audit functions..

Further, the audit committee is required to

Quote:
Review and monitor the external auditor’s independence and objectivity

Audit committees are required to have a non-exec chair and a majority of non-exec members.

Thanks (0)
avatar
By tedbuck
22nd Jan 2024 21:29

When I read these articles I am not surprised that Auditing is rarely successful with big business.

Stuffed with Acronyms and b******t blather they become boring before the third paragraph.

How on earth can any normal person retain interest with such rubbish?

And company accounts running to 200 odd pages - who on earth is going to read them? And look at the notes on tiny Company's accounts you could take a day to read them and be no wiser.

It seems to me that it is the accounting bodies justifying their very expensive existence. As for AML words honestly fail me - all that paperwork and compliance for the shop round the corner or the small engineering company. A total waste of time but do our PBs say anything? No of course not it gives them something to do to justify their existence.

And HMG expresses surprise that the economy isn't as productive as it might be - can't say I'm surprised.

If they seriously want audits of large firms to be effective the process needs to be changed. Divorce the auditors from all other sources of income from audit clients and you might get a better result. On the other hand you might find no auditors left. Back to the National Audit Office as an earlier respondent suggested but wouldn't they be Civil Servants? Scrap that idea then.

Just no hope left I think.

Thanks (0)