Introduction: In the UK, the Auditing Practices Board (APB) has adopted the ISAs but has in some cases amended them to include areas not covered by the ISAs or to adhere to the UK law. The APB is one of the six boards overseen by the Financial Reporting Council (FRC), which is the independent regulator for corporate reporting and governance in the UK.
UK auditors are expected to follow the other guidance produced by the APB such as auditing practices notes and bulletins.
UK Regulatory Framework
The Financial Reporting Council (FRC) is the UK’s independent regulator for corporate reporting and governance for promoting confidence in corporate reporting and governance.
Objectives of FRC
There are six objectives of FRC. These include promoting:
i. High quality corporate reporting
ii. High quality auditing practice
iii. High quality actuarial auditing practice
iv. High standards of corporate governance
v. Integrity, competence and transparency of the accountancy and actuarial professions
vi. Its effectiveness as a unified independent regulator. Like IFAC, the FRC has a number of boards including Auditing Practices Board (APB). Accounting Standards Board (ASB) and other boards.
Auditing Practices Board (APB)
APB is an independent body committed to leading the development of auditing practice in the UK and Republic of Ireland so as to establish high quality standards of auditing practice to meet the developing needs of users of financial information and ensure public confidence in the auditing process.
International Standards on Auditing ISAs (UK & Ireland)
The APB is responsible for setting UK auditing standards and guidance which spell out the basic principles and essential procedures to be complied with by external auditors in the UK an Republic of Ireland. These standards are known as International Standards on Auditing ISAs (UK & Ireland).
The UK standards are based on ISAs issued by the IAASB except that they are supplemented with additional UK guidance where necessary due to things such as adherence to UK laws and regulations.
Other pronouncements issued by APB
The following pronouncement are issued by APB:
i. Auditing Practice notes. This aims at assisting the auditors in applying general auditing standards to particular circumstances and specific industries e.g. Auditing Practice No. 12 which provides guidance to auditors in relation to money laundering.
ii. Bulletins. This provides auditors with timely guidance on new and emerging issues e.g. Bulletin 2006/6 gives the auditor guidance on the wording of the audit report and Bulletin 2006/5 gives the auditor guidance when auditing a listed company which follows combined code on corporate governance.
iii. Statements for Investment Reporting (SIRs) for providing information on principles and essential procedures with which reporting accountants must follow when conducting and engagement in connection with investment circular (e.g. a prospectus listing a particular circular to shareholders or similar documents) prepared for issue in connection with securities transaction governed wholly or partly by the UK and Republic of Ireland laws and regulations.
iv. Ethical Standards on integrity, objectivity and independence of auditors.
v. International Standard of Quality Control (UK & Ireland) which APB has adopted ISQC 1 produced by IAASB.
Auditing Practices in the US
Following the collapse of Enron in 2001, the Sarbanes Oxley Act (2002) also known as SOX was introduced in the US. SOX dramatically changed the supervision of the auditing profession by establishing the independent Public Company Accounting Oversight Board (PCAOB).
PCAOB supervises auditors of public companies including establishing auditing practice and quality control standards for public company audits, a role which was previously being performed by the American Institute of Public Accountants (AICPA).
The AICPA issued the Generally Accepted Auditing Standards (GAAS) which represented the broadest auditing guidelines for auditors of all US companies. With the establishment of PCAOB, the main focus in US audits has changed from auditing as per US GAAS to auditing in accordance with the standards of PCAOB.
The PCAOB has adopted three auditing standards (and several rules) that are approved by the Securities and Exchange Commission (SEC). these standards don not cover all areas of an audit and consequently the existing standards has been adopted by PCAOB as its interim standards to be sued on an initial, transitional basis.
All companies which are listed on an US stock exchange or are a subsidiary of a listed company must comply with the requirements of SOX an hence must comply with PCAOB regulations.
US-Sarbanes Oxley Act (SOX Act)
In the US, the Sarbanes-Oxley Act (2002) was enacted. This followed a collapse of organizations such as Enron and WorldCom in the US. The issue of the independence of both internal and external auditors has come under close scrutiny. Also governance issues have been addressed by the Act. Briefly, the following key issues are addressed by Sarbanes Oxley Act:
i. External auditors are precluded from providing internal audit services to external audit clients where these are US corporations that are Security Exchange Commission (SEC) registrants listed on the New York Stock Exchange and NASDAQ. Included here are subsidiaries of US corporations and associated entities wherever they may be registered in the world.
ii. The role of audit committees of listed companies has become more critical in managing the threats to auditor independence for both internal and external auditors. e.g. external auditors cannot perform additional services without the approval of audit committee. This includes restrictions on the nature of non audit services that can be performed by external auditors.
iii. Auditors of the listed company will report to and be overseen by a company’s audit committee and not management.
iv. Requirement of an independent external audit of the effectiveness of internal controls affecting the financial reporting of all US listed entities. The external auditor in this case is attesting and reporting on management’s assessment of effectiveness of internal control structures and procedures for financial reporting. This is as per section 404 of SOX Act.
v. Corporate Governance Issues for instance section 302 of SOX Act places sweeping responsibilities on the Chief Executive Office (CEO) and Chief Financial Officer (CFO) to certify in each quarterly and annual report of the US listed companies lodged with SEC:
a. The truth and fairness of reports.
b. The effectiveness of financial reporting controls and that any significant deficiencies in such controls have been disclosed to the auditors and audit committee.
c. Whether nay fraud has occurred involving the management.
d. Whether nay corrective actions have been taken regarding significant deficiencies in controls.
vi. Audit information that must be reported to the audit committee include:
a. Critical accounting policies and auditing practices to be used,
b. Alternative treatment of financial information within Generally Accepted Accounting Principles which have been discussed with management,
c. Accounting disagreements between the auditor and management and
d. Other relevant communications between the auditor and management.
vii. Heavy penalties, including jail sentences and substantial fines may be imposed on any CEO and CFO who fails to comply with these requirements.
OVERVIEW OF AUSTRALIA’S AUDIT REGULATION FRAMEWORK
Regulatory context – Corporations Act 2001
The Corporations Act 2001 (the Act) is the principal legislation regulating companies in Australia. It covers matters such as the formation and operation of companies, duties of officers, takeovers and fundraising.
Australian Securities Exchange (ASX) Listing Rules and Governance Guidelines
AASB Accounting Standards
The Act requires the company’s financial report to comply with the Accounting Standards promulgated by the Australian Accounting Standards Board (AASB. The Act also requires that financial reports present a “true and fair view”. Since July 2005 the standards issued by the AASB have been based on International Financial Reporting Standards (IFRS).
The Auditing and Assurance Standards Board (AUASB) is an independent, statutory agency of the Australian Government, responsible for developing, issuing and maintaining auditing and assurance standards. The mission of the AUASB is to develop, in the public interest, high-quality auditing practice and assurance standards and related guidance, as a means to enhance the relevance, reliability and timeliness of information provided to users of auditing practice and assurance services. Australian Auditing Standards issued by the AUASB are legally enforceable for audits or reviews of financial reports required by, or in accordance with the Corporations Act 2001.
AUASB Auditing Standards
The Act requires the company’s financial report to be audited in accordance with the Auditing Standards made by the Auditing and Assurance Standards Board (AUASB). While not creating obligations for the company, the standards establish the mandatory requirements and provide explanatory guidance for the external auditor of the company. This includes requirements to agree on the terms of the audit engagement, communicate material weaknesses in the design or implementation of internal controls, communicate matters of governance interest and seek representations from management.
International Standards for the Professional Practice of Internal Auditing
The International Standards for the Professional Practice of Internal Auditing are professional standards promulgated by the Institute of Internal Auditors Inc (IIA). These standards provide the basic principles and guidance for providing internal audit services. They are a global set of standards reflecting contemporary best practice for internal auditors that all practicing members of the IIA are expected to follow.
Entities with financial reporting obligations under the Corporations Act are required to prepare a financial report which includes the entity’s financial statements, notes and directors’ declaration. The report must be prepared in accordance with accounting standards and audited by a registered company auditor in accordance with auditing standards. The report must also be lodged with Australian Securities and Investments Commission (ASIC) and the Australian Securities Exchange (ASX) (where applicable). The independent audit process performs a critical and essential function in bestowing credibility and reliability on financial statements. High-quality audits are recognized as being critical to the operation of well-functioning markets.
The Corporations Act establishes a comprehensive statutory regime on auditor regulation, including auditor registration requirements, extensive auditor independence requirements and a strong disciplinary framework.
In 2004, Australia’s auditor regulation framework was significantly strengthened with a number of measures contained in the Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (CLERP 9 Act). These measures included:
i. A comprehensive regime on auditor independence established in the Corporations Act, implementing recommendations of the review on Independence of Australian Company Auditors (the Ramsay report) and the relevant recommendations of the HIH Royal Commission (the HIH report);
ii. Strengthening the auditing standards setting process, and providing these standards with the force of law; and
iii. Strengthening ASIC’s role in relation to surveillance and enforcement of the audit process and financial reporting. ASIC has instituted an ongoing audit inspection program that performs a critical role in ensuring that audit firms are complying with their obligations in relation to auditor independence and audit quality.
In conjunction with the adoption of these measures, Australia also announced that it would adopt International Financial Reporting Standards (IFRS) from 1 January 2005 and that they would have the force of law under the Corporations Act.
Recent reforms to the auditor regulation framework have enhanced the robustness of the regulatory requirements. For example, ASIC’s audit inspection powers were significantly enhanced by the Australian Securities and Investments Commission Amendment (Audit Inspection) Act 2007 which clarified the scope of ASIC’s audit inspection powers and facilitated ASIC entering into joint audit inspection arrangements with foreign audit oversight regulators.
The robust legislative framework in the Corporations Act is supplemented by the professional conduct rules applying to members of the three main professional accounting bodies (CPA Australia, The Institute of Chartered Accountants in Australia (ICAA) and the National Institute of Accountants (NIA)). The professional accounting bodies have established an independent ethical standards board, the Accounting Professional and Ethical Standards Board (APESB), which is responsible for the professional conduct rules applicable to their members.
The Audit Quality Review Board (AQRB) was established as a not-for-profit company in December 2005. The role of the AQRB was to monitor the processes by which its participating audit firms (the Big 4 audit firms) seek to ensure their compliance with audit standards and legal obligations relating to independence and audit quality. In February 2009 the AQRB completed its three-year charter, and has submitted its final report. In his foreword to the final report (dated December 2008), the Chairman of the AQRB made the following observations about the AQRB’s overarching commitment:
AQRB has played a significant role in assisting in public understanding of the audit role. AQRB’s function has been to inspect and make recommendations for changes and improvements to the quality assurance processes by which the Big 4 accounting firms ensure their compliance with auditing standards and related applicable legislation. The ultimate purpose of course is the enhancement of the audit process and effectiveness of the firms’ audits.
Auditor independence is important in the context of audit quality because the independent audit is critical to the credibility and integrity of financial statements. A lack of independence impairs an auditor’s ability to exercise objective audit judgments and affects confidence in the audit process.
Most of the auditor independence provisions are contained in Division 3 of Part 2M.4 of the Corporations Act. However, the requirements relating to the annual independence declaration and the disclosure requirements relating to non-audit services are contained in Divisions 1 and 3 of Part 2M.3 and the auditor rotation requirements are contained in Division 5 of Part 2M.4.
The comprehensive statutory regime on auditor independence in the Corporations Act was introduced by the CLERP 9 Act in 2004. These reforms substantially implemented the recommendations of the review of the Independence of Australian Company Auditors (the Ramsay report) and some of the relevant recommendations of the HIH Royal Commission.
THE LEGISLATIVE FRAMEWORK
The legislative provisions dealing with the registration and regulation of company auditors are located in the following Parts or Divisions of the Law and the ASC Act:
i. Division 1 of Part 3.7 of the Law, which deals with the appointment and removal of auditors and the independence of auditors;
ii. Part 9.2 of the Law, which sets out the pre-requisites for registration as an auditor, the supervisory requirements in respect of auditors and the cancellation or suspension of an auditor’s registration by the CALDB; and
iii. Part 11 of the ASC Act, which deals with the establishment of the CALDB and the manner in which it conducts hearings.
The registration of company auditors is the responsibility of the ASC, which performs the function in accordance with its enabling legislation, the Law and the Corporations Regulations (the Regulations). The Law provides that the ASC will not register a person as a company auditor unless it is satisfied that the person is a fit and proper person to be so registered and that the person has satisfied the minimum educational qualifications and attained the level of practical experience that are required for registration.
Individuals who have been registered as company auditors are subject to an ongoing obligation to advise the ASC of changes in details such as their name, their address and the name or style under which they practice. They are also required, once every three years, to lodge a statement updating the personal particulars contained in the application for registration and any previous statements and provide particulars of up to ten company audits conducted during the period covered by the statement.
RCAs are also subject to the ASC’s ongoing auditors’ surveillance program, which aims to ensure that they perform their duties in accordance with the Law, other statutory requirements, the general law and auditing standards. Where an RCA fails to lodge a triennial statement, ceases to reside in Australia or, in the opinion of the ASC, is incompetent, negligent or otherwise not a fit and proper person to remain registered as a company auditor, the ASC may refer the matter to the CALDB for disciplinary action, including possible de-registration. A decision of the CALDB may be the subject of an appeal to the Administrative Appeals Tribunal (AAT).
COMPARATIVE TABLE ON THE PROVISION OF NON-AUDIT SERVICES
The table below provides an overview of the specific non-audit services that have been specifically addressed in each jurisdiction:
|Preparing accounting records and financial statements. APES 110 paras 290.166-173 Self-review threat||Accounting Services. APB Standard 5: paras 113-125||Bookkeeping or other services related to the accounting records or financial statements of the audit client. Prohibited activity under section 201 SOX Act.|
|Valuation Services APES 110 paras 290.174-179 Self-review threat||Valuation services APB Standard 5 paras 54-58||Appraisal or valuation services, fairness opinions, or contribution-in-kind reports Prohibited activity under section 201 SOX Act|
|Provision of taxation services APES 110 para 290.180 Generally not seen to create threats to independence||Tax services APB Standard 5 paras 62-77 Firms need to assess on a case by case basis Provision of tax services may give rise to a number of threats including self-interest threat, management threat, advocacy threat and self-review threat||Audit firm may engage in tax services provided approved in advance by audit committee: section 201 SOX Act. SEC position is that audit firm can provide tax services to audit clients without impairing the firm’s independence. However, the SEC cautions that merely labeling a service as a ‘tax service’ will not necessarily eliminate its potential to impair independence under the general standard.|
|Provision of internal audit services to audit clients APES 110 paras 290.181-186 Self-review threat||Internal audit services APB Standard 5 paras 39-47||Internal audit outsourcing services Prohibited under section 201 SOX Act|
|Provision of IT systems services to audit clients APES 110 paras 290.187-191 Self-review threat||Information technology services APB Standard 5 paras 48-53||Financial information systems design and implementation Prohibited under section 201 SOX Act|
|Temporary staff assignments to audit clients APES 110 para 290.192 Self-review threat||Not addressed||Not addressed|
|Provision of litigation support services to audit clients APES 110 paras 290.193-195 Self-review threat and possible advocacy and management threats||Litigation support services APB Standard 5 paras 78-80||Legal services and expert services unrelated to the audit Prohibited by section 201 SOX Act|
|Provision of legal services to audit clients APES 110 paras 290.196-202 Self-review and advocacy threats||Legal services APB Standard 5 paras 81-82||Legal services and expert services unrelated to the audit Prohibited by section 201 SOX Act|
|Recruiting senior manager APES 110 para 290.203 Self-interest threat||Recruitment and remuneration services APB Standard 5 paras 83-93||Management functions or human resources Prohibited by section 201 SOX Act|
|Corporate finance and similar activities APES 110 paras 204-205 Advocacy and self-review threats||Corporate finance services APB Standard 5 paras 94-105 Transaction related services APB Standard 5 paras 106-112 Also identifies management threat||Broker or dealer, investment adviser, or investment banking services Prohibited by section 201 SOX Act|
|Not addressed||Actuarial valuation services APB Standard 5 paras 59-61 May give rise to self-review threat||Actuarial services Prohibited by section 201 SOX Act|
The approach taken in each jurisdiction can be summarized as follows:
i. The auditor rotation requirements in each jurisdiction extend to the lead engagement auditor and the review auditor.
ii. Australia, the UK and the SEC rules require rotation after five successive years. Australia has an additional requirement that a lead or review auditor must not audit a particular audit client for more than five out of seven successive years.
iii. Australia has adopted a two year time-out period before a ‘rotated’ auditor is allowed to resume involvement with the same audit client. The UK and the SEC have adopted a five year time-out period.
iv. The SEC rules provide an exemption from the rotation requirements for smaller audit firms (fewer than five audit clients and less than ten audit partners) provided the PCAOB conducts a review at least once every three years of each of the firm’s audit client engagements.
v. None of the jurisdictions require audit firm rotation.
There is substantial underlying equivalence between the UK, US and Australian requirements. It is noted that:
i. The requirements or suite of rules in the recommendations are comprehensive in all three jurisdictions.
ii. The SEC Rules (and to a lesser extent the Institute of Chartered Accountants of Ontario ICAO Rules) contain some additional, more prescriptive rules relating to equity holdings in the audit client.
The most significant difference in approach is that the SEC Rules have generally moved away from an ‘all partner’ approach and have introduced a ‘covered person’ approach which ensures that only those partners with a close connection with the audit of an audit client would be subject to a particular restriction. The approach adopted by the SEC in relation to financial relationships can be compared with the position in Australia and the UK which have retained the ‘all partner’ approach, except in relation to the restrictions applying to loans and guarantees where a more limited range of prohibited relationships apply.
Other debtor/creditor relationships
The Australian requirement has been a part of the corporations regulatory landscape for many years. The general approach in the CLERP 9 Act in relation to financial relationships in the context of auditor independence is to frame exceptions on the basis of an arrangement being in the ‘ordinary course of business’ and ‘on normal terms and conditions’ rather than the prescriptive approach adopted by the SEC.
Prohibited business relationships
The requirements in Australia focus on the financial interest created by the business relationship being immaterial and the relationship itself being insignificant to the audit firm and the audit client.
The requirements in the United Kingdom and the US will only permit purchases of goods and services in the ordinary course of business, in the case of the United Kingdom, and in the case of the US, professional services to the audit client or where the audit firm is a consumer in the ordinary course of business.
Australian Institute of Company Directors (AICD) & Auditing and Assurance Standards Board (AUASB) (2009) Going Concern Issues in Financial Reporting: A Guide for Companies and Directors.
Australian Auditor Independence Requirements: A Comparative Review (November 2006). The Treasury, Commonwealth of Australia.
Audit Quality in Australia: A Strategic Review (March 2010). The Treasury, Commonwealth of Australia.
Australian Institute of Company Directors (AICD), Auditing and Assurance Standards Board (AUASB) & Institute of Internal Auditors – Australia (February 2008) Audit Committees: A Guide to Good Practice.