APB tightens ethical standards
Following a lengthy consultation process which involved the publication of three consultation papers over the last few years, the Auditing Practices Board (APB) has published revised ethical standards (ES) for auditors that include modifications addressing the issues of auditor independence and the public perception of auditor independence in connection with the provision of non-audit services to their audit clients.
The revised ethical standards become effective from 30 April 2011, but audit firms may complete engagements relating to periods commencing on or before 31 December 2010 in accordance with the current standards.
The revision process was instigated by recent corporate failures and by general public perception that a substantial threat to auditor independence – and a consequential reduction in confidence that can be placed on an audit engagement – exists where non-audit services are provided by the auditor. Such perception is exacerbated where there is a high ratio of non-audit fees to audit fees paid to a company’s auditor. The scale of the issue was indicated by the proposal made by the Treasury Select Committee in October 2009 to impose a blanket prohibition on the provision of non-audit services by auditors.
The APB’s overall approach to the revision, which was widely supported by the results of the consultations, was that a general prohibition on the provision of non-audit services was not appropriate. The APB’s starting point was that the threats and safeguards approach and the specific prohibitions in respect of non-audit services included in the ethical standards, worked effectively in preserving auditor independence and audit quality and that there was in fact no evidence to the contrary.
However, the APB acknowledged that a problem of perception exists in respect of non-audit services and that it should be addressed by improved transparency and governance rather than further requirements in the ethical standards.
During the consultation exercise the APB also identified a number of areas in the ethical standards where improvement to the provisions in respect of non-audit services was required to respond to specific concerns raised.
Improving transparency and governance for audits of listed companies
In order to reduce the perception that auditor objectivity and independence could be compromised where non-audit services are provided, the APB has revised the ethical standards to improve the disclosures made by the auditor in respect of listed companies’ audits.
In the UK large companies are required under statutory requirements to disclose in their financial statements the remuneration receivable by their auditor in respect of different types of non-audit services received and the auditor must supply such information to enable the disclosures to be made. However, in its revision the APB has specifically addressed the auditor’s disclosures made for listed entities as they present the higher perception risk to auditor independence.
Under the revised ES 1 auditors should provide audit committees of listed companies with detailed information about the fees received for the provision of non-audit services. For such purpose the appendix to ES 1 includes a recommended template that categorises the various non-audit services that could be provided and illustrates how the service categories reconcile to the disclosures required by statute. Although the template is recommended for listed entities it may be helpful for the disclosures required by all large companies and for voluntary disclosures of medium-sized ones.
To tie up with improved auditor’s disclosures on non-audit services, the APB advocated enhanced disclosures in annual reports of the company’s policy on non-audit services and explanations as to why a company’s auditor was engaged to provide such services and how his independence had been safeguarded.
The FRC heeded the APB’s call and after consultations, amended its guidance for audit committees by including more specific description and explanation requirements in respect of non-audit services. Under the revised requirements the annual report of a listed entity should:
- set out the audit committee’s policy applied in respect of the provision of non-audit services by the auditor
- set out the fees paid to the auditor in accordance with the template for non-audit services issued by the APB in ES 1
- provide explanations as to why the audit committee concluded that it was in the interests of the company to purchase significant non-audit services from the external auditor (rather than another supplier) and how auditor objectivity and independence has been safeguarded.
The APB is of the opinion that the improved disclosures introduced by the revised ethical standards, combined with the revisions to the FRC guidance to audit committees, will reduce perceived threats to auditor objectivity and independence arising from the provision of non-audit services to listed entities.
The APB also believes that the decision whether a company’s auditor should be engaged to provide non-audit services is first and foremost a matter of corporate governance and that the current ethical standards approach to the issue is effective in maintaining auditor independence.
Internal audit services
In approaching its revision of the ethical standards the APB envisaged that there would be no major changes to the conceptual approach taken to the provision of non-audit services. However, some specific areas where amendments were deemed to be necessary were identified in response to concerns raised by respondents to the consultations.
One particular concern was that derived from the decision of the company Rentokil to outsource to its new external auditor some of its internal audit work. Many respondents pointed out that such engagement would result in the new auditor auditing their own work and taking management functions.
In response to such concerns the APB revised ES 5 and in particular introduced a new category of non-audit services called ‘audit related services’. The services specifically included in such category are normally carried out by audit team members, with the work involved being closely related to the actual audit work. Such services are therefore considered to pose only insignificant threats to auditor independence and, as a consequence, no safeguards need to be applied.
The list of 'audit related services' is included in paragraph 55 of the revised ES 5 and is as follows:
- reporting required by law or regulation to be provided by the auditor
- reviews of interim financial information
- reporting on regulatory returns
- reporting to a regulator on client assets
- reporting on government grants
- reporting on internal financial controls when required by law or regulation
- extended audit work that is authorised by those charged with governance performed on financial information and/or financial controls where this work is integrated with the audit work and is performed on the same principal terms and conditions.
The last category of 'extended audit work' is now clearly distinguished in ES 5 from internal audit services and when work of such nature is performed by the auditor, it would be outside the scope of internal audit services and no safeguards would need to be applied.
ES 5 also makes a distinction about the nature of internal audit services between 'assurance activities' designed to assess the design and operating effectiveness of existing or proposed systems or controls and ‘advisory activities’ where the auditor gives advice to the entity on the design and implementation of its risk management, control and governance processes.
Generally threats to auditor independence are lower for activities that are designed to provide assurance to those charged with governance, for example that internal controls are operating effectively, than for advisory activities that assist the entity in improving its risk management, control and governance processes.
ES 5 confirms that internal audit services can be provided if the auditor is satisfied that they are dealing with informed management and appropriate safeguards are applied. However, there are prohibitions for the provision of internal audit when, for the purpose of the audit of the accounts, the auditor would place significant reliance on the internal audit work it performed or when, for the purpose of the internal audit, the audit firm would undertake part of the role of management.
In addition, paragraph 64 of ES 5 now clarifies that outsourcing substantially all of the internal audit function to the audit firm is unacceptable where the work undertaken is significant to the audited entity, which would not typically be the case for a small business whose internal audit activity is often not significant. It would also be unacceptable for a firm, in view of the management threat, to undertake internal audit engagements that involve designing internal controls, implementing changes to controls, taking responsibility for risk management decisions or evaluating the cost effectiveness of activities, systems and controls.
Revised ES 5 now includes a new section that deals with the provision of restructuring services to an audited entity. The new section explains how the general approach to non-audit services is applied to restructuring services and introduces a number of prohibitions to address the management, advocacy and self-review threats that arise from such services.
Paragraph 145 of ES 5 introduces a prohibition to perform restructuring services where the engagement would involve the firm undertaking a management role in or on behalf of the audited entity and where the engagement would require the firm to act as an advocate for the audited entity on matters that are material to the financial statements.
Typically an audit firm would undertake a management role when the client does not have informed management capable of taking responsibility for the restructuring decisions to be made. A firm would instead act as an advocate if it assumes responsibility for the entity’s proposals or is seen as negotiating on behalf of the entity or advocating the appropriateness of the proposals, especially when attending meetings with the entity’s bank or other interested parties, such that its independence is compromised.
The APB also dealt with the self-review threat that is seen to arise when the auditor participates in the development of or implementation of a restructuring plan and then reviews it as part of the consideration of the going concern assumption. Such threats are particularly relevant in the case of an audited 'entity in distress' that is an entity with actual or anticipated financial or operational difficulties that threaten its survival as a going concern.
Paragraph 147 of ES 5 deals with the self-review threat in respect of unlisted entities by introducing a threat and safeguards approach that requires the audit firm not to undertake restructuring services, unless appropriate safeguards have been put in place to make the threat acceptable.
In respect of listed entities in distress, paragraph 153 of ES 5 requires a stricter approach to the provision of restructuring services so that only a limited number of services could be provided. The services allowed would be generally not material and peripheral to a restructuring plan, such as general preliminary advice, assistance with the implementation of immaterial elements of a plan or challenging, but not developing, projections and assumptions in a financial model, unless the services are specifically permitted by a regulatory body with oversight of the audited entity.
Contingent fees for non-audit services
The APB became concerned with the fact that the old definition of contingent fee basis excluded a number of arrangements that were dependent on a future event or condition via the exception permitted for differential hourly fee rates. Such exception allowed differential hourly rates or arrangements under which the fee payable would be negotiated after the completion of the engagement not to constitute contingent fee arrangements.
To close the loophole the APB has modified the definition of contingent fees by removing the exception mentioned above.
In addition the APB has not imposed a blanket prohibition on all contingent fees but has modified ES 5 to prohibit acceptance of all non-audit services engagements undertaken on such basis if the contingent fee is material to the audit firm or the outcome of the service, and consequently of the fee amount, is dependent on an audit judgement on a material matter in the financial statements of the entity.
Conflicts of interest
In response to concerns that the provision of non-audit services to connected parties of the audited entity may create conflicts of interest and therefore threats to auditor independence, ES 1 has been revised to include such services in the definition of non-audit services and to require an assessment of threats and available safeguards in respect of known services to connected parties.
A similar assessment would also be required in respect of non-audit services provided to third parties in respect of the audited entity, where the outcome of such services has a material impact on the accounts of the audit client. That could be the case when, for instance, the audit firm provided actuarial services to the pension scheme of an audited entity.