Audit firm governance

Comments from ACCA to the Financial Reporting Council (FRC), 31 January 2009.

Executive Summary

ACCA welcomes the opportunity to respond to the Evidence Gathering Consultation Paper (the Paper), issued by the Audit Firm Governance Working Group in a project for the Financial Reporting Council. We congratulate the Working Group on the accuracy and appropriate depth of the analysis in the Paper supported by the inclusion of relevant supplementary briefing information.

ACCA supports the concept of a Combined Code-style, 'comply or explain' approach to audit firm governance. However, there are considerable differences between the application of the Combined Code to listed companies and the circumstances of an Audit Firm Governance Code (the Code) that argue for a more flexible approach.

There is considerable diversity within the relatively small number of audit firms to which the Code would apply. As well as size, there are differences in ownership and governance structures and in the international structures of networks. This lessens the likelihood of achieving a consensus approach to the Code. Audit firms are already heavily regulated and it is important for the Code to avoid duplicating requirements. In addition, we do not believe that a rigid Code could avoid imposing a disproportionate cost on smaller audit firms.

There is a fundamental choice to be made between creating the Code to reflect a natural balance between the needs of a firm's stakeholders or to treat the shareholders of audit client companies as its primary focus. ACCA favours the latter as it aligns the project more closely to the rationale behind the FRC Choice in the UK Audit Market project. Other stakeholders may be able to make use of the outcome of the application of the Code, in particular, the owners of the business, normally the partners in the firm.

We suggest that the Code, which should be enforced only by market forces, should be reported at the level of the UK firm, including its non-audit activities and have regard to any significant risks in network structures. The application of the various mechanisms of governance may however be at a different, higher level if the corporate structure of the firm makes that a more practicable approach.

ACCA is pleased to offer further support to the Audit Firm Governance Working Group in particular to assist the Working Group by sharing insights from our global interactions with auditors, investors and regulators in major capital markets.

General Comments

The Importance of Good Governance

In the current challenging economic conditions there is an even greater need on the part of shareholders and, indeed, society as a whole to be able to have confidence in corporate reporting. A reliable audit, carried out by a properly competent firm should be a key component contributing to this confidence. It is important that audit firms are, and are seen to be, well governed. We recognise, therefore, the importance of this project and we support its objectives.

We support the Combined Code and the 'comply or explain' approach for listed companies. However, as we have suggested in the past to the FRC, we consider the application of the Combined Code's principles to be at least as important as its provisions and so prefer what we refer to as an 'apply, comply or explain' approach. The current crisis affecting the banking sector has raised difficult questions about how well some organisations have applied the Combined Code's principles. In particular, there have been concerns about how shareholders engage with boards and boards engage with management. It would seem that such engagement to date has not been entirely in the long-tem interest of companies or their shareholders and other stakeholders and may even have encouraged the short-termist behaviour which has jeopardised the financial system.

Support for the concept – Caution About the Practicalities

The Paper correctly anticipates that the creation of the Code would need to overcome considerable difficulties in relation to matters such as: risk management, the international structures of the firms, governance structures and independent non-executives, and scope of firms to be covered. We agree with this and in our answers to the specific questions posed in the Paper we note many difficulties under these and other headings.

If the Code is introduced with the scope laid down by the Market Participants Group (MPG), we conclude that it will be too costly for smaller audit firms, particularly if it mandates independent non-executive directors.

There does not exist currently a consensus as to what constitutes best practice in governance of audit firms. For example, positions on the value of independent non-executive directors are either unresolved or in complete opposition to one another. While some firms advise on and profess exceptional expertise in corporate governance of listed companies, their internal governance arrangements have yet to receive a similar level of public exposure and scrutiny. The long history that stands behind the current Combined Code is absent.

The MPG recognised that it could only recommend the application of a 'Combined Code-style' best practice corporate governance guide because the Combined Code would require considerable modification to be fit for use in the different circumstances of audit firms. The MPG also concluded that its recommendation should be less costly than increased regulation. We regret that the Code has not been more properly referred to as 'the Guide' as that would not only accord with the MPG terminology but also signal the necessarily different nature of the corporate governance pronouncement for audit firms.

The Combined Code is clear in its focus on shareholders, coinciding with the primary addressees of financial reporting. There are issues about the extent to which the Code should now recognise other legitimate stakeholders but that is outside the scope of this response. As set out in our answer to question 1, in drawing up the Code the Working Group faces a fundamental choice as to whether the Code is intended to be responsive to a natural range of stakeholders (as firms' existing governance arrangements are), or whether it is to be focussed on the needs of the shareholders of public interest entities audited by a firm. If the latter, which we favour for pragmatic reasons, the Code has to be created with no history and no best practice, because no firm to our knowledge has an existing governance approach giving primacy to such remote stakeholders.

We have no doubt that such a Code can be created, but it is a reason for cautioning against anything other than a voluntary Code with appropriate flexibility.

Matters on which Specific Comments are Requested

In this section of our response we answer the specific questions posed in the Paper.

Stakeholders of firms that audit public interest entities


Which groups of stakeholders do you think the Audit Firm Governance Code should primarily serve and in what ways, if any, do they have differing interests?

The answer to this question depends directly on whether the Code is intended to be responsive to a natural range of stakeholders, or whether it is to be focussed on the needs of the principal stakeholders of public interest entities audited by a firm; a firm's partners are the principal natural stakeholders, otherwise, the shareholders of audit client companies are the principal stakeholders.

For pragmatic reasons we suggest that, at this stage of the development of audit firm governance, the Code should be orientated to the shareholders of audit client companies as they are the focus of the Combined Code. This simplifies the Code by avoiding the need to achieve a balanced response to a range of stakeholders. Other stakeholders may benefit from the Code and we include in this context the owners of the firm and directors of public interest entities including their audit committees.

Risk management


What approach should a Combined Code-style Audit Firm Governance Code adopt to risk management and internal control?

We agree with the analysis in the Paper that effective risk management and internal control are critical to the success and sustainability of an audit firm; accordingly, the Code should address this together with appropriate disclosure.

As the Paper points out, audit firms are heavily regulated and stakeholders have access not only to financial statements but also to a range of information that concentrates on audit quality. Of particular current interest is reporting by the Audit Inspection Unit on certain firms. For example, in the public report on the 2007/8 inspection of KPMG LLP and KPMG Audit PLC (issued 8 December 2008) the findings begin:

'KPMG has demonstrated its commitment to audit quality in the implementation of its business strategy, the continued enhancement of procedures and controls and the tone and content of external and internal communications.'

We expand on this answer in our response to questions 4 and 5.

As a by-product of the Audit Firm Governance project, we suggest that the Working Party could make suggestions as to how firms can present information to stakeholders so that a complete picture is apparent. Indeed, in drawing up the Code, it would not be efficient to specify the provision of any information to stakeholders that is already available in another form.


To what extent do the firms face unique issues in discussing their principal litigation and claims risks without causing damage to the sustainability of the firm?

Litigation and claims risks are both fundamental to a firm's continuing existence and of particular relevance to the auditing profession, which may face claims of disproportionate magnitude, as litigants to seek to recover losses in relation to the audited company rather than the cost of the audit.

We are sympathetic to the argument in the Paper that requiring disclosures could result in adverse consequences for a firm and might even impact its sustainability. Given the strong link between the current Project and the objective of certain of the recommendations of the MPG, to reduce the risk of an audit firm leaving the market without good reason, it would be a terrible irony if application of the Code were to precipitate such an event. The need for commercial confidentiality should be recognised.


Do you agree that the Audit Firm Governance Code should focus on risk management and internal control of the firm as a whole including its non-audit business and, if not, what alternatives would you propose?

In our answer to question 1 we drew a distinction between whether the Code is intended to be responsive to a natural range of stakeholders, or whether it is to be focussed on the needs of the principal stakeholders of public interest entities audited by a firm. If the former, it would be necessary to consider matters for the firm as a whole. If the latter, it would be possible to report in relation only to the audit practice, but we do not think that is an appropriate entity to which to restrict governance measures.

The firm as a whole would also be synonymous with the UK entity presenting financial statements and a transparency report.

There are additional complexities in that it may not be practicable to implement corporate governance arrangements for the UK firm alone as organisational structures may be on a wider basis. We address these in our answer to question 5 below.

As set out in our answer to question 6, although not directly under the control of the firm, it is vital that risk assessment extends to the possible impact of risks in network structures.

International structures of the firms


In the case of a UK firm that is part of a regional or an international structure, should the Audit Firm Governance Code specify the level at which it is applicable or should the firm be given some discretion to determine the level at which it applies the Code, explaining why this level has been chosen?

Ideally, governance should take place and be reported in relation to the UK firm: a scope equivalent to that of other relevant information (principally the financial statements and the transparency report).

Where, because of an international structure, that is not the most effective approach, firms should be free to apply the code at a higher level. This should not be a requirement because of the extra-territorial implications.

Reporting (including stakeholder engagement) should nevertheless be in relation to the UK firm.


Do you think that the Audit Firm Governance Code should contain code principles and/or code provisions covering an audit firm's dependence on, and exposure to the risks of, other network members and how it ensures consistent quality and application of auditing standards?

It is vital that the Code recognises that, although not directly under the control of the firm, risk assessment properly extends to the potential impact of risks in network structures. Such risks are a particular feature of the auditing profession and are of interest to stakeholders.

The Code should acknowledge that a basic description of network arrangements is required in transparency reports.

The matter of consistent quality and application of auditing standards by other network members is best considered as part of the more-specific audit quality reporting as it is within the scope of AIU reports.

Governance structures and independent non-executives


In principle, do you think that the Audit Firm Governance Code should support the appointment of independent non-executives by the firms and, if so, what might it say on the number or proportion of non-executives and their position, role and responsibilities in a firm's governance structure?

At least one firm has already appointed independent non-executive directors whereas another is on record as strongly defending its use of a supervisory board that only includes partners in the firm. We do not believe that firms could achieve a consensus on best practice regarding appointment or the role of non-executive directors; nor do we believe that the time is right for the Code to introduce any expectation that independent non-executives will be appointed.

ACCA supports the principle of having non-executive directors on the unitary boards of listed companies but we have strong reservations about the need for them in an oversight function where a supervisory board is providing oversight and the members of that board are seasoned professionals used to exercising independence of thought. Clearly, non-executive directors may bring other insights to the board and the Code should not stand in the way of their appointment.

It will be of interest in the planned review of the Combined Code to see what evidence can be put forward concerning the value of non-executive directors as the current problems facing UK banks have highlighted once again that non-executive directors cannot or will not necessarily protect organisations from risk or ensure that a strategy is sound.


Other than matters related to auditor independence, are there any barriers, regulatory or otherwise, to the appointment of independent non-executives to firms?

If the Code were to apply to all firms that audit public interest entities and require the appointment of NEDs there would be a disproportionate cost burden on smaller firms. A similar position has been recognise in the Combined Code, which is applied differently by companies below the FTSE 350.

In view of our response to question 7 above we do not elaborate further on the practical difficulties that could arise in relation to the appointment of NEDs.


What other governance structures and models are there that provide for independent oversight which might be considered by the Audit Firm Governance Working Group?

The Policy Governance Model articulated by John Carver might be worth considering. It clearly distinguishes management from governance and offers a useful focus for the governing body of an organisation as well as a system for delegation by that body to management.

Scope of firms to be covered


In order to determine which firms the Audit Firm Governance Code applies to, should the definition of a public interest entity be based upon the narrower listed company market definition used for transparency reporting purposes or the wider definition used by the AIU or some other definition?

The question takes as its starting point the wording of recommendation 14 of the MPG's final report in which the scope of application is 'every firm that audits public interest entities' .

As clearly set out in the Paper, such firms differ considerable in size and in the number of their public interest audit clients. We do not expect that it will be possible for the Code to be created in such a way that it can be applied by all such firms without there being disproportionate costs for smaller firms.

A purely voluntary approach is we suggest likely to serve the needs of the market better, while existing requirements relating to audit quality remain appropriate to promote that for all auditors of public interest entities.

Even with the apparent flexibility allowed by the 'explain' element of disclosure of non-compliance, we question the need to introduce the Code as a requirement for every firm that audits public interest entities.

The genesis of recommendation 14 is the Choice in the UK Audit Market project and realistically the market will not be greatly interested in the governance of audit firms other than those actively seeking to maintain or increase their penetration of the listed company audit market.

If the Working Group decides to retain the proposed wide application of the Code, we favour the definition of public interest entity adopted for transparency reports.


Do you think that a distinction should be made between firms that would be required to apply the Audit Firm Governance Code and firms that would be encouraged to apply it on a voluntary basis and, if so, where should that distinction be drawn?

We would prefer a voluntary basis for all firms.

Implementation and monitoring

Question 12

Based on the assumption that the comply or explain approach will apply, to what extent do you think that the implementation of the Audit Firm Governance Code should be 'left to the market' because owners of the firms and shareholders and directors of listed companies can be relied on to ensure that the firms apply the Code and make appropriate explanations of non-compliance?

It is a matter fro detailed research to determine the extent to which the firms contemplated to be within the scope of the Code have already put in place and disclosed governance arrangements. That will provide an indication of the strength of the market forces that would act as the future enforcement mechanism for the Code. The existence of the Code and attendant changes in the business environment may be expected to increase the focus of the market on audit firm governance. Market forces may need further cultivation or indeed a specific requirement may be needed for the 'comply or explain' disclosures that would drive application of the Code. Such a requirement would be consistent with that in t he Listing Rules .


What need, if any, do you think there will be for:

  • Audit regulations to require the firms to make comply or explain disclosures in relation to the Audit Firm Governance Code?
  • A regulatory or other body to monitor and to check either compliance with the Audit Firm Governance Code or the appropriateness of explanations of non-compliance?
  • Involvement of auditors appointed by the firms?

If a successful market solution can be found, there should be no need for any of these regulatory measures. If disclosures are made in annual reports, firms would be able to invite their auditors to report on certain objectively verifiable elements of the disclosures.


Can you suggest any potential deregulatory measures to eliminate possible duplication that could be linked to the implementation of the Audit Firm Governance Code?

It is important that the interface between the Code and other regulatory requirements is well considered so that duplication is avoided, but we see no justification in removing existing regulation to facilitate what would be expansion of the areas addressed by the Code.

Reporting and communication


What measures should be taken in relation to how and where the firms disseminate information about their application of the Audit Firm Governance Code so as to enhance its usefulness?

We agree with the view in the Paper that '...disclosures that will result from the introduction of the Audit Firm Governance Code will ... enter a crowded reporting landscape.'

In general, when using market forces as the primary enforcement mechanism, we expect reporting in relation to the Code to take place through website dissemination, which should be sufficient.

We favour the introduction of an approach paralleling that for UK companies listed on the Main Market of the London Stock Exchange, for which the Listing Rules require their corporate governance to be described in the annual report and accounts.

The annual report could signpost users to other forms of disclosure relevant to audit quality, although in practice, that may be achieved by the way in which information is presented on the firm's website.


Should the Audit Firm Governance Code call for disclosure of specific matters, such as major changes in governance practices, responses to specific concerns raised by the AIU, and any other matters?

We do not favour the creation of a list of specific disclosures. A principles-based disclosure culture should ensure that significant matters (which would include major changes in governance practices) are addressed.

Areas to be covered by the Code


Are there principles and provisions in the Combined Code which you think are particularly relevant or inappropriate for application to the firms and are there major issues of relevance to the firms that are not included in the Combined Code?

We append ACCA's policy paper Corporate Governance and Risk Management Agenda. It presents ten principles which we believe better take stakeholders into account and would be appropriate for audit firms. We invite the Working Group to use these principles.

In relation to the Combined Code, the main principles in sections A to D of the Combined Code are all relevant (with appropriate rewording 3) to audit firms but the emphasis on each may be considerably different depending on whether or not the Code is focussed on the shareholders of audit client companies. While particular relevance should be attributed to A.1 (the Board) we would also emphasise the relevance of:

A.5 Information and professional development

A.6 Performance evaluation

B.1 The level and make-up of remuneration

C.1 Financial reporting

C.2 Internal control

D.1 Dialogue with institutional shareholders

The main principle of internal control (C.2) will require considerable adaption and should encompass risk assessment of such matters as reputational threats arising from network structure and the firm's control over the quality of its audits. The latter must reflect decisions taken by the Working Group on the interface between the Code and other sources of information for stakeholders on audit quality.


Are there any compelling reasons for departing from the Combined Code structure of preamble, principles and provisions?

Presentation in a similar form to the Combined Code would promote understanding of the Code by those familiar with the former. Having said that, the interactions between the three 'layers' of: main principle, supporting principles and code provisions may not prove entirely suitable for the Code at this early time in its development. Given that the Combined Code is next scheduled for review in 2010, conformity between it and the Code could also be achieved by changing the Combined Code at that time.


Can you provide examples, whether or not derived from the Combined Code, from other non-listed company sectors where you think that appropriate governance codes have been developed, giving information on their potential relevance to the firms?

In our response to question 17 above we invited the Working Group to use the principles in our policy paper Corporate Governance and Risk Management Agenda.


Do you have any other observations about matters not covered by earlier questions that you think would be useful to the Working Group in drafting the Audit Firm Governance Code?

We draw attention to our general comments earlier in this response.

Last updated: 11 Apr 2012