The audit report is the primary channel of communication between the auditor and a company’s shareholders, so it is perhaps not surprising that the format has been the subject of much debate recently, both in the UK and internationally.
In June 2013 the Financial Reporting Council issued a revised version of International Standard on Auditing (UK and Ireland) 700 – the fourth time it has been revised since its issue in 2004. It is therefore perhaps timely to reflect on how we got to where we are now. Note that this article will concentrate of the requirements relevant to publicly quoted companies.
The first Auditing Standard on the Audit Report, issued by the Auditing Practices Committee in April 1980, included the following example audit report:
Auditors' Report to the Members of XYZ Limited
We have audited the financial statements on pages... to... in accordance with approved Auditing Standards.
In our opinion the financial statements [which have been prepared under the historic cost convention as modified by the revaluation of land and buildings] give a true and fair view of the state of the company's affairs at... and of its profit and source and application of funds for the year then ended and comply with the Companies Act 1985.
This report met the requirements of the Companies Act at the time and was short and to the point. It was easy to see at a glance whether the auditor had any reservations about the financial statements as any qualification would significantly increase the length of the report.
However, in the 1980s there were a number of prominent audit failures and the reputation of the profession was damaged. The Dearing Review resulted in the Auditing Practices Board (APB) replacing the Auditing Practices Committee, and one of its first tasks was to consult on the audit report. The findings were that users did not understand the nature and role of audit, and the standard audit report did nothing to enlighten them. In 1993, therefore, SAS 600 was issued. The new audit report tried to clarify the respective responsibilities of the directors and auditors and explain the key features of the audit process in the basis of the auditor’s opinion. Undoubtedly this was a step forward, but can you really explain what an audit is in a one-page report using standardised wording?
In 2004, SAS 600 was replaced by ISA (UK and Ireland) 700. This was as a result of the APB voluntarily adopting international auditing standards in order to support international harmonisation (although the UK has not adopted ISA 700). As auditors were generally satisfied with the format of the report, the new ISA (UK and Ireland) 700 did not make any significant changes.
With the enactment of Companies Act 2006, changes were again going to be necessary to the audit report. By now, the expanded audit report had been around for over 10 years, and it was no longer considered to meet user needs as well as it could. There were a number of issues of concern, and so the APB decided to take a phased approach.
The first issue the APB decided to tackle was the conciseness of the report. With the increasing importance of corporate governance, and further responsibilities imposed on the auditor by additional listing requirements, the audit report had become much longer.
The March 2009 ISA (UK and Ireland) 700 sought to address this. As mentioned above, the audit report included descriptions of what an audit involved, and detailed descriptions of the auditor’s responsibilities. However, after 14 years, the investing community was now believed to understand an audit. While it is necessary to maintain user understanding, the audit report is not necessarily the place for it. As a result, the description of the auditor’s responsibilities was shortened and the basis of opinion section, renamed the scope of the audit, was reduced to a reference to where a fuller description is available.
The language of the audit report has also come in for much criticism. It has been accused of being standardised and legalistic with too many provisos and caveats. Phrases used such as ‘reasonable assurance’ and ‘material misstatement’ could be interpreted as a get out clause for auditors. The report was better at telling users what an audit isn’t, rather than what is.
Users wanted individual, company-specific commentary rather than the boiler plate report they were getting. They wanted information on issues such as risk and uncertainty, the resolution of material issues, different accounting treatments considered, etc. Consultations thus continued, and in January 2011 the Financial Reporting Council (FRC) published a discussion paper, Effective Company Stewardship – Enhancing Company Reporting and Audit. Eight months later this was followed by Effective Company Stewardship Next Steps.
The conclusion from these discussion papers was that it was not appropriate for the auditor to write a commentary in their own words on the financial statements or the audit of them. Rather, this was management’s duty, and the proper place for disclosure was considered to be the Audit Committee Report. As the UK has a well-developed corporate governance regime, which is also under the remit of the FRC, this joined-up approach was a practical and workable solution. The ISAs and the UK Corporate Governance Code were therefore revised to improve and strengthen auditor reporting to audit committees and provide insight into this communication through enhanced Audit Committee commentary in the annual report. At the same time the audit report was expanded to require the auditor to report, by exception, if the board’s disclosures did not address the matters communicated to the audit committee.
These changes were due to be announced by issuing revised ISAs (UK and Ireland) in October 2012. However, shortly before this the International Auditing and Assurance Standards Board (IAASB) added its voice to the calls for change. They proposed a new ‘auditor commentary’ which highlighted matters arising from the audit that the auditor judged to be important to user understanding of the financial statements and the audit. The FRC sought views as to whether this was consistent with the changes they had already decided upon. The conclusion was that the IAASB could not adopt the same approach as the UK, but overall the proposals were consistent.
At the same time as these discussions were rumbling on, the Competition Commission had been investigating the audit market. During the course of their inquiry it had noted significant institutional investor dissatisfaction. The Stewardship Code, first introduced in 2010, states that in a publicly listed company responsibility for stewardship is shared. Investors must hold the board to account for the fulfilment of its responsibilities. Enhanced auditor reporting was seen as a way of providing a basis for initiating discussions, both with directors and auditors, and would enable investors to fulfil their role. In February 2013 the Competition Commission recommended extended reporting requirements, either in the audit committee or auditor’s report. However, the October 2012 changes to ISA (UK and Ireland) 700 would, unless the directors failed to properly fulfil their reporting responsibilities, consist largely of standardised language. This did not give any incentive for users to actually read the report, or to engage with the company.
The FRC took all this on board, and following further consultations, issued the most recent version of ISA (UK and Ireland) 700 in June 2013, effective for accounting periods beginning on or after 1 October 2012. This is perhaps the most radical change to the audit report to date. The report does still contain standardised wording. This is necessary for sections such as the opinion, where clarity of communication is imperative. However, although the idea had previously been rejected, auditors are now required to report in their own words and must:
- provide an overview of the scope of the audit, showing how they addressed the risk and materiality considerations
- describe the risks that had the greatest effect on:
- the overall audit strategy
- the allocation of resources in the audit
- directing the efforts of the engagement team
- provide an explanation of how they applied the concept of materiality in planning and performing the audit
So, what is the verdict on the new audit report? It is hoped that these changes will enhance the transparency of the auditor’s report and lead to better communication with investors. However, there is a fear that, over time, standardised language will gradually increase again. To a certain extent, this is to be expected. For any particular company, key risks are likely to similar from year to year, and thus disclosures may be repeated. Provided this is an accurate reflection of the auditor’s considerations, this is not necessarily a problem.
Auditors were initially reluctant to embrace the change, fearing they would be exposed to increased risks. However, faced with the inevitability, they have come on board. Deloitte adopted the new report early for Vodafone’s 2013 accounts. The report was two sides of small, close typeface. If the SAS 600 report was considered too long in 2007, what will users make of this report? Will this report help to close the expectation gap? Only time will tell.
The new audit report might also be seen as a backwards step in the road to international harmonisation. As at August 2012 126 countries were using the IAASB ISAs, either as their national standards or by adopting them directly. The UK has therefore gone it alone with these changes.
However, dissatisfaction with the current audit report is not unique to the UK. In March 2012 the Singapore Institute of Directors and ACCA held roundtable discussions on enhancing the value of audit. The feeling was that directors would like to see more subjective statements from the auditors including their assessments of the overall control environment and the ’tone at the top’. At an ACCA roundtable in the Caribbean in April 2013 delegates discussed how the addition of an ‘Auditor Commentary’ in the audit report would improve its relevance and communicative value. While it was seen to be beneficial, concerns were expressed about the impact on length and complexity and the potential for misinterpretation. Users may find it challenging to understand technically difficult matters and to interpret the qualitative descriptions deriving from subjective judgments made by the auditor.
The FRC has been criticised for moving in advance of the IAASB. However, the IAASB does not have timetable for implementation. International concerns may result in a lengthy consultation period so all affected parties can gain a proper understanding. By the UK taking the plunge, other countries will be able to assess the practical impact of the changes. The IAASB will then be able to make a more informed decision. I suspect the eyes of the world will now be on UK audit reports.
Carol Masters is a senior teaching fellow in the Management School at the University of Southampton