The syllabus for P7 (INT), Advanced Audit and Assurance contains the following learning outcome:
Outline and explain the need for the legal and professional framework including:
i) public oversight of audit and assurance practice
ii) the role of audit committees and impact on audit and assurance practice.
Note: the syllabus and study guide for the UK adapted paper is worded slightly differently in that they refer to jurisdiction specific Corporate Governance Code. For both INT and UK and IRL adapted papers, the UK Corporate Governance Code is included in the list of examinable documents, as is the UK Financial Reporting Council Guidance on Audit Committees (Revised September 2012) as examples of guidance on best practice in relation to corporate governance principles and specific guidance in relation to audit committees. For the SGP adapted exam, The Singapore Code of Corporate Governance is the relevant code of best practice.
Candidates attempting P7 are expected therefore to be conversant with corporate governance principles, many of which they will have seen in previous exams F8, Audit and Assurance and P1, Governance, Risk and Ethics. The focus in P7 is on the impact that corporate governance principles and practice can have on the audit process, and this article explores some of these issues.
Corporate governance is the system by which organisations are directed and controlled. It encompasses the relationship between the board of directors, shareholders and other stakeholders, and the effects on corporate strategy and performance. Corporate governance is important because it looks at how these decision makers act, how they can or should be monitored, and how they can be held to account for their decisions and actions.
The published audited financial statements and related information are therefore of key importance. They will usually be the main information set to which shareholders and other stakeholders have access and this is why having credible financial statements supported by the auditor’s opinion is crucial.
Many regulatory authorities, including the UK, use a code of best practice, often termed a ‘comply or explain’ approach to corporate governance. Under this approach the regulatory authority issues a set of principles with which company directors of listed companies are expected to comply. In many jurisdictions disclosures are required in the financial statements to demonstrate compliance. Non-compliance is not expected, but in its event, the facts of the non-compliance must be clearly disclosed and explained.
In some jurisdictions, such as the US, a more prescriptive approach is used, whereby corporate governance requirements are set by legislation. Both the principles and the legislative approaches are broadly similar in the matters they address. They both deal with the importance of the board of directors having a balanced structure, emphasising the need for non-executive directors, and for robust procedures in relation to the appointment of board members, and their remuneration. They both describe the merits of audit committees and the need to monitor the effectiveness of internal controls. They both demand disclosure about these and other matters in the annual report.
The content of the UK and Singapore Corporate Governance Codes are very similar and for the purpose of this article the principles and provisions of the UK Code will be used to highlight some of the key areas that the board should consider when assessing their system of corporate governance.
The Code comprises five sections, each containing main principles:
Every company should be headed by an effective board which is collectively responsible for the long-term success of the company, and should lead and control the company’s operations.
There should be a clear division of responsibilities at the head of the company, which will ensure a balance of power and authority, such that no one individual has unfettered powers of decision.
Non-executive directors should constructively challenge and help develop proposals on strategy. The board should include a balance of executive and non-executive directors such that no individual or small group of individuals can dominate the board’s decision taking.
The board and its committees should have the appropriate balance of skills, experience, independence and knowledge of the company to enable them to discharge their respective duties and responsibilities effectively.
There should be a formal, rigorous and transparent procedure for the appointment of new directors to the board. All directors should receive induction on joining the board and should regularly update and refresh their skills and knowledge.
All directors should be submitted for re-election at regular intervals, subject to continued satisfactory performance.
The board should present a balanced and understandable assessment of the company’s position and prospects. For UK companies, this is also required by the Companies Act 2006, which requires that the directors disclose a business review as part of the directors’ report to be included in the financial statements.
The board should maintain sound risk management and internal control systems. The board should establish formal and transparent arrangements for considering how they should apply the corporate reporting and risk management and internal control principles and for maintaining an appropriate relationship with the company’s auditor.
Levels of remuneration should be sufficient to attract, retain and motivate directors of the quality required to run the company successfully, but a company should avoid paying more than is necessary for this purpose. A significant proportion of executive directors’ remuneration should be structured so as to link rewards to corporate and individual performance.
There should be a dialogue with shareholders based on the mutual understanding of objectives. The board as a whole has responsibility for ensuring that a satisfactory dialogue with shareholders takes place. The board should use the Annual General Meeting to communicate with investors and to encourage their participation.
The audit committee is such an important part of corporate governance that it is the subject of its own guidance document in the UK, the Financial Reporting Council’s Guidance on Audit Committees. The audit committee should be made up of at least three independent non-executive directors, one of whom should have recent and relevant financial experience. The committee has many roles, including several that are specifically related to the external auditor, which are discussed below.
The audit committee should monitor the integrity of the company’s financial statements and any formal announcements relating to the company’s performance. Significant financial reporting judgements should be specifically reviewed. This means that committee members should scrutinise all published financial information, and question and be ready to challenge the finance director and external auditors on any contentious matters arising.
The audit committee members have responsibility to review the company’s internal financial controls and systems, and the risk management systems, unless there is a separate risk committee.
Most large companies have an internal audit function, in which case the audit committee should extend its monitoring role to include that function, including the evaluation of the effectiveness of that function.
Where there is no internal audit function, the audit committee should consider annually whether there is a need for internal audit and make a recommendation to the board, and the reasons for the absence of such a function should be explained in the relevant section of the annual report.
Finally, the audit committee plays a part in fraud prevention and detection in that whistleblowing arrangements should be made so that staff of the company may raise concerns about possible improprieties in respect of financial reporting matters.
The audit committee has specific responsibilities in respect of the external auditors, including recommending the appointment, reappointment and removal of the external auditor, approving fees paid for audit and non-audit services, and agreeing on the terms of engagement with the external auditor. A point specific to the UK adapted paper is that following a revision to the UK Corporate Governance Code in 2012, there is now a requirement for FTSE 350 companies to put the external audit out to tender every 10 years.
One of the key issues is that the audit committee should annually assess the independence, objectivity and effectiveness of the external audit process, considering of the ethical framework applicable in the jurisdiction in which the organisation is operating. The audit committee should report annually to the board on their assessment with a recommendation on whether to propose to the shareholders that the external auditor be reappointed. The audit committee section of the annual report should also discuss the annual assessment of the external audit process by the audit committee and also include information on the length of tenure of the current audit firm, when a tender was last conducted, and any contractual obligations that acted to restrict the audit committee’s choice of external auditors.
In relation to potential threats to objectivity, the audit committee should seek reassurance that the auditors and their staff have no financial, business, employment or family and other personal relationship with the company which could adversely affect the auditor’s independence and objectivity. The audit committee should seek from the audit firm, on an annual basis, information about policies and processes for maintaining independence and monitoring compliance with relevant requirements, including current requirements regarding the rotation of audit partners and staff.
The audit committee should be involved at all stages of the audit, to obtain comfort that a quality audit will be performed. The Guidance on Audit Committee specifically requires the following to take place:
At the start of each annual audit cycle, the audit committee should ensure that appropriate plans are in place for the audit. This includes consideration of planned levels of materiality, and the proposed resources to execute the plan, having regard also to the seniority, expertise and experience of the audit team. In practice this means that before any audit fieldwork takes place, the audit firm should meet with the audit committee to discuss the audit strategy and audit plan, demonstrating that auditing standards and quality control principles have been adhered to in their development.
The audit committee should review, with the external auditors, the findings of their work. In the course of its review, the audit committee should discuss with the external auditor major issues that arose during the course of the audit and have subsequently been resolved and those issues that have been left unresolved; review key accounting and audit judgements; and review levels of errors identified during the audit, obtaining explanations from management and, where necessary, the external auditors as to why certain errors might remain unadjusted. The audit committee should review and monitor management’s responsiveness to the external auditor’s findings and recommendations. Thus, all key audit findings should be shared with the audit committee and discussed with them as the audit progresses.
At the end of the annual audit cycle, the audit committee should assess the effectiveness of the audit process, by:
In summary, the audit committee carefully monitors the conduct of the audit, and plays an important part in ensuring the quality and rigour of the external audit of the financial statements.
Specifically, the audit committee should develop and implement a policy on the engagement of the external auditor to supply non-audit services, taking into account the relevant ethical principles and requirements. The audit committee’s objective should be to ensure that the provision of such services does not impair the external auditor’s independence or objectivity. The audit committee should consider:
The audit committee should set and apply a formal policy specifying the types of non-audit service:
One of the non-audit services specifically referred to in the Guidance on Audit Committees is the provision of internal audit by the external auditor. If the external auditor is being considered to undertake aspects of the internal audit function, the audit committee should consider the effect this may have on the effectiveness of the company’s overall arrangements for internal control and investor perceptions in this regard.
Candidates preparing to attempt P7 should be familiar with the corporate governance principles outlined in this article, and they are encouraged to read the source documentation to obtain a full understanding of general corporate governance principles and the role of audit committees in particular. It is the impact of these matters on the audit process that is particularly important to understand, and candidates should be ready to include points relating to corporate governance in their answers where appropriate.
Written by a member of the P7 examining team