When Carillion went into compulsory liquidation in January 2018, fingers began to point at the auditor of the firm, KPMG. How did it not see this coming? A joint inquiry by the Work and Pensions Committee and the Business, Energy and Industrial Strategy (BEIS) Committee, concluding in May 2018, saw BEIS chair Rachel Reeves MP say that auditors should be “in the dock” for failing to “paint a true picture of [Carillion’s] crippling financial problems”. But how far does an auditor or an accountant’s responsibility stretch in a situation such as this?
Melanie Hind, executive director for audit and actuarial regulation at the Financial Reporting Council (FRC), which is currently investigating KPMG’s audit of Carillion (2014–2017), explains the roles and responsibilities of accountants and auditors.
What is the difference between an accountant and an auditor?
The term ‘accountant’ is a wide one. In the UK, it’s not a regulated term, so anyone can call themselves one, and set up shop on the high street. It’s typically qualified, chartered accountants that draw up a company’s annual report and accounts, for example, but there are many accountants who might be insolvency practitioners, who provide corporate financial advice, or personal financial advice under different regulatory regimes.
Being a statutory (external) auditor is a reserved function. You can’t call yourself a statutory auditor without an appropriate qualification and ongoing registration. To become an auditor, you have to be a qualified accountant, but you also have to meet requirements in terms of length and type of practical experience in audit, ongoing professional development and education, and be a member of a recognised accountancy body through which you can be held to account. In the UK, the FRC is responsible for overseeing this regulatory regime.
How much responsibility does an auditor have?
The audit opinion is about financial statements that an entity has issued. Those statements show the performance and profitability of the entity in the audit period (usually a calendar year). The entity also shows what the balance sheet looks like at the end of the year. The directors of the entity give an opinion that the financial statements present a true and fair view. The auditor gives a true and fair opinion also.
Auditors are trained to be sceptical about the accounts, but not cynical. They have to think through where the risk of fraud is. If you were trying to carry out a fraudulent transaction, how would you do it? Auditors must be alert to all those elements. The auditing qualification is equivalent to a degree-level qualification, and for many people it’s their second degree. The businesses that are being audited can be incredibly complex.
The directors and auditor don’t provide a definitive opinion on whether the firm will stay in business or go bust. That said, the directors of the company are under an obligation to think about whether they are a ‘going concern’ – this means there are options available so the company will continue in existence for a period of at least 12 months from the date of signing the financial statement. If they are not a going concern, they need to provide their financial information in a different way – a ‘break-up’ basis. Where there are significant doubts or uncertainties about the going concern basis of accounting, the directors need to disclose that.
The auditor is under an obligation to critically assess the directors' going concern assessment and disclosure and to report on concerns. Depending on the gravity of those concerns, that can be by highlighting them or by qualifying their opinion.
The FRC’s corporate governance code, for premium list companies, goes beyond these base legal and standards requirements. Unique to the UK, the Code requires directors to give a longer-term viability statement setting out the period over which the entity is reasonably expected by the directors to remain in business and setting out the rationale for that period and the assumptions underlying the directors' assessment.
In the companies that are giving this type of disclosure, the auditor is under an obligation to look at that disclosure and be satisfied that the disclosure is consistent with what they’ve seen in their audit work.
It’s a form of negative comfort. They’re not saying the viability statement is assured and it’s fine, but if there is something in it that is inconsistent with their knowledge, they’re under an obligation to call it out.
Companies do go bust, and in those circumstances the FRC, for public interest entities, will most likely review the situation and decide whether there is good reason to investigate the audit. The FRC enforces if the auditor has breached relevant requirements.
What is the responsibility of an accountant in this scenario?
It’s different for qualified, chartered accountants who are not auditors. For example, finance directors and members of audit committees. For auditors, a lot of the details are codified in audit standards or in law, and the FRC can take action if there has been a breach of law or standard. But for an accountant, a less clear test applies. The FRC must be able to demonstrate that the accountant acted in a way that is defined as misconduct, which means that no other professional would have reasonably acted in the way that they did. The FRC has said that it would like the threshold for action against those members in business to be aligned to that for auditors.
What are some warning signs that might throw up red flags for an auditor?
It’s not as straightforward as that. Auditors are expected to think through very carefully what the risks are to financial statements. The auditor has to think: "Where might there be a misstatement?" It could be through error, fraud, or inappropriate judgement.
When you’ve got global, complex businesses with complicated contracts, it’s recognising when to take income and when to take profit, so it can be a complex judgement. The auditor needs to think through where those risks are.
In doing that, they will look at indicators of financial soundness. They are trained to look at things such as: are there incentives for management? Is there management bias? For example, if the management team gets a bonus if revenue was £100m and last year it was £50m, then is there an incentive to record revenue that is fictitious? What checks and balances have operated to ensure the incentive has not driven inappropriate behaviour?
Do you think there is an issue of auditors or accountants not speaking up when they have found a problem?
Of course it has happened. There have been investigations and people have been held to account, but do I think it’s a systemic issue? Absolutely not.
At the FRC, we inspect the audit firms and the work supporting audit opinions. The professional bodies act as our delegates and go into some of the smaller firms and do that. The system is set up to ensure that there is monitoring and review, and to ensure that there isn’t a systemic problem. I think it’s really important that auditors and chartered accountants serve the public interest, and speak up. In the case of the auditor, it’s their obligation to speak up.
About the expert
Melanie Hind is the executive director for audit and actuarial regulation at the Financial Reporting Council (FRC). Previously she held positions as CRO of Friends Life group and partner at PwC.
Why is the FRC enhancing the monitoring systems of the six largest audit firms?
In June 2016, the UK government designated the FRC as the competent authority for statutory audits in the UK, and the body now oversees the audit market.
We’ve done a thorough review of all our processes and procedures, and we’ve looked carefully at the fact that we’ve been reviewing the quality of individual audit engagements for over a decade now. We have made marked improvements in audit quality, but we still feel that you can never be complacent and there is a need for further improvement.
Also, the UK audit market is the second largest capital market in the world, so it’s important in terms of financial stability. We have a concentrated market: 99% of the FTSE 350 companies are audited by the ‘big four’ auditing firms – KPMG; Deloitte; PwC; and EY. We need to make sure that not only is there sufficient quality of audit available, but sufficient capacity of audit available.
Capital markets will dry up if they’re not able to get the assurance that’s required, so we’ve thought through quite carefully the fact that we’ve got a responsibility to monitor the audit market, and to safeguard against the demise of audit firms. Bearing in mind that we’re not, in the law, given significant powers to do anything, we have devised a monitoring regime where we can at least be alert to where some of the risks may be, and use the power and influence of others to take action. We are focusing on the culture and leadership of the audit firms, and raising it up a level from looking at individual audit arrangements.
What changes have you seen happen in the past few years in auditing and accounting?
Technology is having an impact. Auditors need to be able to look at enough evidence to reach a reasonable conclusion, because you cannot get to each and every transaction. However, technology now potentially has the ability to enable you to get to each and every fraction and to be able to scrutinise it and cross-check the data. This could mean it is harder to hide things. I can see audits becoming much more forensic, and the UK firms are in the lead of developing this technology. It is not yet in widespread use, but, like all things with technology, I expect it will take off in the not too distant future.
Seen a blog, news story or discussion online that you think might interest CISI members? Email firstname.lastname@example.org