Shortly before Christmas, the Brydon report into the quality and effectiveness of audits was published. This contains 64 recommendations, including points on:
While the list above may look bland, there are some big changes proposed. In overview, the report recommends the substantial expansion of the scope of audit, the matters to be covered by the opinion and potentially the persons to whom a duty may be owed. There are also recommendations that will require careful thought about how they could be implemented; some of these will require changes in the law.
However, as with the Kingman report on the Financial Reporting Council, whose recommendations have yet to be fully decided on or implemented, these recommendations have to compete with other matters for government attention. Apart from its impact on governmental priorities, COVID-19 has had and will continue to have a deep recessionary impact, affecting the performance and viability of many companies. In the light of this and the publicity surrounding recent corporate scandals, such as NMC Health, the pressure for reform ought to intensify.
The report is not only detailed, it is 110 pages long, before appendices. Helpfully, however, the report has a 10 page summary of conclusions. Let's look at some of the key points:
The Brydon report proposes that the purpose of the audit is to establish and maintain deserved confidence in a company, its directors and the information for which they have responsibility to report, including the financial statements. Audit exists, fundamentally, to help users know how confident they can be in the information audited and by extension in those who produced it. By contrast, Brydon comments that “audit today, however, is fundamentally restricted to assuring the material accuracy of the financial statements and, even with this restricted scope, is only partially meeting even that objective”.
Brydon recommends that the Audit Reporting and Governance Authority (ARGA) should facilitate the establishment of a corporate auditing profession and that nine principles are adopted, of which the following are the more novel:
While the principles above may contain matters that a high-quality audit already implicitly addresses, the principles go wider and are more specific than what is conveyed by current auditing and ethical standards. It is clear that Brydon considers this a fundamental part of his recommendations to improve the effectiveness and quality of audits and should help to elevate the standing of the auditor.
In commenting on what a high-quality audit is, Brydon notes that judgement requires the application of scepticism throughout and suspicion where appropriate on the basis of tested information. The need to assess that judgements should remain appropriate in the light of subsequent events that were reasonably predictable.
Brydon proposes that ARGA should amend ISA (UK) 240 so that it is clear that the auditor is obliged to “endeavour to detect fraud in all material ways”.
He comments that: “I consider that a key part of the education necessary to be a successful auditor is to be found in the current training afforded to forensic accountants. The psychology of suspicion that accompanies forensic accounting should be more widely taught, equipping auditors with the ability to choose between scepticism and suspicion in different circumstances.”
Elsewhere in the Brydon report, Brydon comments that the risk of confirmation bias grows as the cultural fit between management and auditor becomes more comfortable. Such bias can be reduced by introducing a more forensic mindset.
The report also recommends the establishment of an independent auditor fraud panel to judge auditors’ culpability in a manner similar to that followed by the Takeover Panel; a recommendation made to mitigate the use of hindsight in judging performance with respect to fraud detection. The panel would consider the results of investigations into auditor failure to detect frauds and have the ability to levy sanctions. Brydon posits that such a panel would give auditors confidence to which they would be subject and lessen the risk of court proceedings.
Directors should make a public interest statement covering how the directors have complied with sections 1721 and 414 of the CA 20062, and the auditor should report on the consistency of the statement with the report and accounts as a whole. Brydon also recommends that the auditor should report “whether the directors’ section 172 statement is based on observed reality, on the basis of the auditor’s knowledge of the company and its processes”.
Directors should publish a resilience statement incorporating a going concern opinion for the short term, a statement of resilience in the medium term and a consideration of the risks to resilience in the long term, which Brydon comments, should enhance and build on the current going concern and viability statements. The short-term resilience statement would be subject to audit in the same way that the going concern statement is at present.
Although there is no requirement for the directors to seek any additional assurance on the medium-term resilience statement or the long-term resilience statement, Brydon states that the auditors would be obliged to disclose any information they find within the company or from external sources that materially contradicts anything in the resilience statement. He recommends that ARGA should require the auditors to report to the board if they have encountered any information in the course of their audit that leads to an anxiety about the resilience of the business. If they believe the board pays insufficient attention to their anxieties, they should have an obligation to report to ARGA or an alternative regulator, depending on the circumstances.
They should also be obliged to report to the audit committee and shareholders on the extent to which their work has been influenced and informed by any external signals that might imply enhanced risk to the company. The directors would have an obligation to report on their reaction to such signals; and the auditors should report on the extent to which they have accepted and/or tested the directors’ comments and observations. Brydon also recommends that ARGA develops a menu of signals against which the auditors should report.
Other areas that Brydon considers should be subject to audit are alternative performance measures and any key performance indicators used in calculating executive remuneration. There is a chapter in the report on communicating judgements, which extends to potentially reporting where the auditor considers the culture described by the company in its annual reports and elsewhere is inconsistent with that observed by the auditor.
The commentary above might give the impression that the Brydon report focuses narrowly on the audit and the auditors. There is much in the report concerning the role of the board, directors and the audit committee. In addition to the matters already mentioned, there are recommendations about a UK internal controls statement, a rolling three-year audit and assurance policy, and suggestions concerning directors’ statements relating to dividends and capital maintenance. There is recognition of the linkages between the audited entity, its directors, the auditors, the audit regulator, shareholders and other stakeholders.
It is also clear from the report and some of Brydon's comments subsequent to its publication that it is up to the shareholders (who, indirectly, pay for the audit) to endorse or to challenge the extent of assurance made by the directors in the audit and assurance policy. To answer the question in the title, by making a significant number of incremental recommendations and some new ones, the report recommends a substantial expansion of the scope and depth of audits and represents a radical change.
For more information, get in touch with Hugh Simons.