Banking Crisis - Treasury Contents


Supplementary memorandum from the Financial Reporting Council

THE BANKING CRISIS—AUDITORS

  During the discussion at the Treasury Committee meeting on 28 January 2009 about the impact on auditor independence of auditors providing services in relation to the securitisation of loans or mortgages to the banks they audit, I agreed to write to you to provide additional information about the steps being taken on this within the Financial Reporting Council (FRC).

Audit quality

  In pursuit of our overall aim of promoting confidence in corporate reporting and governance the FRC has specified the outcome which it seeks in relation to auditing, which is that "Users of audit reports can place a high degree of reliance on the audit opinion, including whether financial statements show a true and fair view."

  Although there is widespread agreement that "audit quality" is important, there is a lack of a common understanding of the components of audit quality. In order to promote a better understanding of the components of audit quality the FRC published a Discussion Paper ("Promoting Audit Quality") in November 2006. The paper identified four main components within audit firms (the culture within the firm, the skills and personal qualities of partners and staff, the effectiveness of the audit process and the reliability and usefulness of audit reporting) and several factors outside the control of audit firms, including the approach to corporate governance taken by the auditor's clients.

  The Auditing Practices Board (APB), which is one of the operating bodies within the FRC and whose constitution establishes its independence from the audit profession, has promulgated, following public consultation, a series of Ethical Standards which are designed to underpin audit quality by establishing what is required to provide confidence in the integrity, objectivity and independence of auditors.

Current requirements of ethical standards

  In addition to the general principles that apply to all non-audit services, the APB's Ethical Standards contain a number of specific requirements or prohibitions in relation to particular categories of services. One such category is "transaction services", of which services in relation to securitisation transactions are an example. The APB's current Ethical Standards prohibit any transaction services where:

    —  There is reasonable doubt as to the appropriateness of a related accounting treatment.

    —  Such services are provided on a contingent fee basis and:

    —  The fees are material to the firm; or

    —  The outcome is dependent on a future or contemporary audit judgment; or

    —  The engagement would involve the firm undertaking a management role.

  It appears to me that from our discussion last week that the Committee is particularly concerned where services are provided by auditors with the objective of taking transactions off balance sheet. The APB's standards address this issue in the first bullet above where the transaction gives rise to doubt as the appropriate accounting treatment.

Nature of services provided by the auditors of Northern Rock

  A particular focus of the debate has been on the additional services provided by PricewaterhouseCoopers (PwC) to Northern Rock in 2006. In the 2006 Northern Rock financial statements this work is described as "verification of historical financial information and the performance of certain agreed upon assurance procedures for securitisation transactions".

  Following publication of the Treasury Committee's report "The run on the Rock" dated 24 January 2008, the staff of the APB have discussed the services provided with PwC.

  One noteworthy feature of the approach taken by Northern Rock was that although they used a securitisation structure ("Granite") the mortgages that were securitised were included in the Northern Rock's consolidated financial statements (ie they remained "on balance sheet").

  It is our understanding that the PwC work undertaken typically comprised:

    (a) Agreed upon procedures whereby details of the mortgage pool were verified to original documentation on a sample basis. This provides assurance to investors that information on mortgage characteristics (eg postcode of a property, or the ratio of the loan to the value of the property) has been recorded accurately on the tape of data used to compile the mortgage pool.

    (b) Confirmation that any analyses of the mortgage pool presented in prospectuses or investor presentations had been performed accurately.

    (c) Tests to confirm that controls and other administrative procedures had been performed for those securitisations that are marketed in the US. This work is required by the US Securities and Exchange Commission.

  The APB understands that PwC did not advise on the accounting treatment of the securitisations and, indeed, as the securitisations remained on balance sheet,that there were no complex accounting issues.

  The work was, therefore, similar in nature to both audit work and the work which a reporting accountant (most commonly the auditor) performs on prospectuses used by companies raising external finance by way of bond or rights issues. Based on this understanding of the work undertaken, the services of the nature of those provided by PwC to Northern Rock in 2006, do not breach either the principles or the specific requirements of the APB's current Ethical Standards and are not incompatible with PwC's role as independent auditor.

Re-consideration of the Ethical Standards

  Notwithstanding that analysis, and having regard to the Committee's recommendation, the APB has considered whether the services provided by PwC should be prohibited in the future. Because such services are in essence, no different to routine audit work, the APB does not believe that the Ethical Standards should be varied to prohibit them.

  It might, however, be possible to imagine other circumstances where services in relation to securitisation transactions should be prohibited by the Ethical Standards.

  Therefore during 2008, the APB considered whether changes need to be made to its Ethical Standards to broaden the circumstances in which transaction services, including those relating to securitisation transactions should be prohibited. Its present conclusion is that where services are not inconsistent with the objectives of the audit of the financial statements, there do not need to be substantive changes to the current Ethical Standards.

  The APB's conclusion, and the reasons for it, will be set out in a public Consultation Paper to be issued within the next month and stakeholders will be asked whether they support the analysis and conclusion. In particular, the Consultation Paper will ask whether respondents are aware of any other characteristics of transaction services that should be added to the list of criteria warranting the prohibition of the services concerned.

  I will communicate to the Treasury Committee the results of this consultation and the action that the APB plans to take as a result.

Importance of retaining principles based approach

  It is important that ethical standards remain principles based. Principles based standards are more difficult to circumvent than standards that contain a large number of specific rules and prohibitions. This is particularly important in relation to non-audit services because of the large number of different services that can be provided and the way that these services are tailored to a particular client situation. As a result, it will never be feasible for a standard setter to develop rules to cover all possible situations. Any attempt to do so could easily be overcome by audit firms "repackaging" their services so a prohibited service appears to be permissible.

  At the Committee's hearing on 28 January members of the Committee questioned PwC about its reaction to the 2008 report of the FRC's Audit Inspection Unit (AIU) in which the AIU publicly criticised PwC for having a policy which in the AIU's view was contrary to the principle that auditors should not be incentivised for selling non-audit services to their audit clients despite there being no clear breach of an ethical rule. The AIU's approach demonstrates both the importance of principles based ethical standards and that it will not shy away from ensuing that they are adhered to.

Further information

  To provide a fuller context for these observations I enclose a report that describes:

    1. the work that the FRC has undertaken to more fully understand, and explain, the different components of audit quality;

    2. the origins of the APB's Ethical Standards for Auditors and the work the APB has subsequently undertaken to satisfy itself that they remain "fit for purpose";

    3. the importance of the ethical standards fostering a principles based approach; and

    4. The analysis that has been undertaken by the APB when considering whether securitisation services, of the nature PwC provided to Northern Rock in 2006, needed to result in changes to its standards.

  I hope that you will find this letter and the enclosed report to be of assistance as the Committee considers the evidence that it has obtained during its inquiry into the banking crisis. If you would like any further information on the FRC's thinking regarding securitisation services supplied by bank auditors, or indeed any other matter within the FRC's remit, I would be pleased to provide it.

Paul Boyle

Chief Executive

February 2009

Annex

SECURITISATION SERVICES SUPPLIED BY BANK AUDITORS

1.  INTRODUCTION

  1.1  This paper sets out the context for the Auditing Practices Board (APB)'s conclusion that securitisation services, of the nature provided by PricewaterhouseCoopers (PwC) to Northern Rock plc (Northern Rock) in 2006, are not inconsistent with the objectives of an audit of the financial statements and need not be prohibited unless:

    —  There is reasonable doubt as to the appropriateness of an accounting treatment;

    —  Such services are provided on a contingent fee basis and:

    —  The fees are material to the firm; or

    —  The outcome is dependent on a future or contemporary audit judgment; or

    —  The engagement would involve the firm undertaking a management role.

  1.2  In particular this paper describes:

    —  The work that the Financial Reporting Council (FRC) has undertaken to more fully understand, and explain, the different components of audit quality;

    —  The origins of the APB's Ethical Standards for Auditors (ESs) and the work the APB has subsequently undertaken to satisfy itself that they remain "fit for purpose";

    —  The importance of the ESs fostering a principles based approach; and

    —  The analysis that has been undertaken by the APB when considering whether securitisation services, of the nature PwC provided to Northern Rock in 2006, needed to result in changes to its ESs.

2.  AUDIT QUALITY

  2.1  Public confidence in the operation of the capital markets depends, in part, on the credibility of the opinions issued by auditors in connection with their audits of financial statements. Such credibility depends on the belief that a high quality audit has been undertaken—however there are differing views as to what is necessary for an audit to be "high quality".

  2.2  Adherence by auditors to rigorous ethical standards is clearly an important aspect of audit quality but there are other factors that also need to be considered. In order to better understand all of the components of audit quality, and to obtain the views of stakeholders as to what steps were needed to maintain and enhance audit quality, the FRC published a Discussion Paper "Promoting Audit Quality" in November 2006. This described the importance of the culture within the audit firm, the skills and personal qualities of audit partners and staff, the effectiveness of the audit process and the reliability and usefulness of audit reporting, as well as several factors outside the control of audit firms, including the approach to corporate governance taken by the auditor's clients.

  2.3  Respondents to the "Promoting Audit Quality" supported the FRC's views as to the main elements of audit quality and, while making a number of suggestions as to how audit quality could be increased, did not call for further curtailment in the provision of non-audit services or for other actions to increase auditor independence.

  2.4  The FRC has used its work on audit quality to issue an Audit Quality Framework (see Appendix 1). The FRC hopes that the Framework will assist audit committees when undertaking their annual review of audit effectiveness, as well as companies, stakeholders and regulators with an interest in understanding audit quality.

3.  THE APB'S WORK ON ETHICAL STANDARDS

  3.1  Prior to the collapse of Enron, auditors applied a Code of Ethics established by their accountancy bodies. In 2002, following Enron, the Government set up the Co-ordinating Group on Audit and Accounting Issues (CGAA) to review the UK's regulatory arrangements for statutory audit and financial reporting.[85]

  3.2  The provision of non-audit services by auditors was one of the topics considered by the CGAA and the relevant extract from their findings is set out in Appendix 2. One of the CGAA's conclusions was that UK requirements should continue to be based on principles rather than rules.

  3.3  The CGAA also recommended that the responsibility for setting standards for auditor independence should be given to a body independent of the professional accountancy bodies. The APB, which was established in 1991, to set auditing standards independent from the auditing profession, was the obvious body to set ethical standards as the majority of its members are not practicing auditors (see Appendix 3).

  3.4  After extensive consultation,[86] the APB finalised the ESs in October 2004. The ESs are consistent with the CGAA's recommendations in that they:

    —  Are based on principles and adopt a threats and safeguards approach.

    —  Strengthen the restrictions on certain non-audit services—in particular those highlighted by the CGAA.

    —  Clearly set out the type of safeguards that need to be applied when permitted services are provided.

  3.5  The APB's approach for developing its standards is described in Appendix 4. A particular feature of this approach is that it requires the active involvement of audit committees in the consideration of auditor independence. This fits with the responsibilities of audit committees of listed companies as established by the FRC's Combined Code on Corporate Governance.

  3.6  In 2007 the APB undertook a review of the ESs and concluded that they were meeting the needs of stakeholders and working in practice. One of the key factors supporting this view was the fact that the volume of non-audit services supplied by auditors to their clients had reduced significantly during the period, as set out in Appendix 5. The APB's conclusions were supported by stakeholders who responded to the consultation paper[87] on the subject. As a result the APB determined that it could restrict revisions to the ESs to those that were needed to reflect changes in law since 2004 and other, relatively minor, matters to add their clarity.

  3.7  After the APB had completed its review and consulted on the changes that it decided needed to be made to the ESs, the Treasury Committee published its report on its inquiry into Northern Rock. This report raised questions about the provision of securitisation services by a bank's auditor.

  3.8  As some of the changes to the ESs related to changes in company law that took effect on 6 April 2008, the APB decided to finalise the revised ESs in March 2008 and consider securitisation services separately.[88]

4.  IMPORTANCE OF PRINCIPLES BASED STANDARDS

  4.1  While the ESs contain a number of specific requirements and prohibitions (including the prohibition of certain non-audit services) they are also principles based. In particular they require audit teams to analyse all aspects of auditor independence and prevent an audit being undertaken unless the audit engagement partner can conclude that any threats to the auditor's objectivity and independence can be reduced to an acceptable level.

  4.2  Some suggest that a potential weakness of a principles based system is that it is hard to police. In fact the contrary can often be the case. By way of example the FRC's Audit Inspection Unit (AIU) publicly criticised a firm (by coincidence PwC) for having a policy which, in the AIU's view, was contrary to the principle that auditors should not be incentivised for selling non-audit services to their audit clients, despite there being no clear breach of a requirement from the ESs. An extract of the AIU's report on its review of PwC for 2007-08 audits is included as Appendix 6 to this report.

  4.3  A principles based approach is particularly important with respect to the provision of non-audit services because of the large number of different services that can be provided and the way that these services are tailored to a particular client situation. As a result, it will never be feasible for a standard setter to develop rules to cover all possible situations. Any attempt to do so could easily be overcome by audit firms "repackaging" their services so that a prohibited service appears to be permissible.

5.  ANALYSIS OF SPECIFIC NON-AUDIT SERVICES PROVIDED BY THE AUDITOR TO NORTHERN ROCK

  5.1  As noted in the Treasury Committee report of 24 January 2008, for the year ended 31 December 2006, Northern Rock paid £1.8 million in fees to PwC of which £1.1 million related to the group audit and £700,000 related to reporting accountants' services in connection with securitisation transactions.

  5.2  As more fully described in Appendix 7, the work undertaken by PwC in relation to the securitisation services involved the verification of the factual accuracy of information presented in prospectuses and investor presentations and the performance of certain agreed upon procedures. The work was undertaken so that the information provided to potential investors was of an appropriate standard. Over recent years similar work has been undertaken by the auditors of other UK banks and, indeed by bank auditors elsewhere in the world. It is relevant to note that, in the interests of investor protection, in the US there is a specific requirement for annual work to be undertaken on the servicing of securitised assets by an independent accountant.[89]

  5.3  The nature of the work undertaken in respect of securitisation services overlaps, to a degree, with that undertaken by the auditor in its statutory audit and is similar in nature to the work which a reporting accountant (most commonly the auditor) performs on prospectuses used by companies raising external finance by way of bond or rights issues. APB staff understand that the costs of securitisation services would be much greater if this work were to be undertaken by another firm of accountants, to the detriment of the shareholders of Northern Rock. This is particularly the case in relation to the US requirements referred to above.

  5.4  Appendix 8 sets out the APB's assessment of the significance of each of the relevant threats to auditor independence that arise from the supply of the securitisation services of the nature provided to Northern Rock. As a result of this analysis the APB has reached the conclusion that securitisation services, of the nature of those provided to Northern Rock in 2006, are not inconsistent with the objectives of the audit of the financial statements and need not therefore be prohibited unless:

    —  There is reasonable doubt as to the appropriateness of an accounting treatment;

    —  Such services are provided on a contingent fee basis and:

    (a)  The fees are material to the firm; or

    (b)  The outcome is dependent on a future or contemporary audit judgment; or

    —  The engagement would involve the firm undertaking a management role.

  5.5  This conclusion, and the reasons for it will be set out in a Consultation Paper to be issued within the next month and the APB intends to specifically ask stakeholders for their views on its analysis and conclusion.

APPENDIX 1

AUDIT QUALITY FRAMEWORK
DriverIndicators
The culture within an audit firmThe culture of an audit firm is likely to provide a positive contribution to audit quality where the leadership of an audit firm: —  Creates an environment where achieving high quality is valued, invested in and rewarded. —  Emphasises the importance of "doing the right thing" in the public interest and the effect of doing so on the reputation of both the firm and individual auditors. —  Ensures partners and staff have sufficient time and resources to deal with difficult issues as they arise. —  Ensures financial considerations do not drive actions and decisions having a negative effect on audit quality. —  Promotes the merits of consultation on difficult issues and supporting partners in the exercise of their personal judgement. —  Ensures robust systems for client acceptance and continuation. —  Fosters appraisal and reward systems for partners and staff that promote the personal characteristics essential to quality auditing. —  Ensures audit quality is monitored within firms and across international networks and appropriate consequential action is taken.
The skills and personal qualities of audit partners and staff The skills and personal qualities of audit partners and staff are likely to make a positive contribution to audit quality where: —  Partners and staff understand their clients' business and adhere to the principles underlying auditing and ethical standards. —  Partners and staff exhibit professional scepticism in their work and are robust in dealing with issues identified during the audit. —  Staff performing detailed "on-site" audit work have sufficient experience and are appropriately supervised by partners and managers. —  Partners and managers provide junior staff with appropriate "mentoring" and "on the job" training. —  Sufficient training is given to audit personnel in audit, accounting and industry specialist issues.
The effectiveness of the audit process An audit process is likely to provide a positive contribution to audit quality where: —  The audit methodology and tools applied to the audit are well structured and:     —  Encourage partners and managers to be actively involved in audit planning.     —  Provide a framework and procedures to obtain sufficient appropriate audit evidence effectively and efficiently.     —  Require appropriate audit documentation.     —  Provide for compliance with auditing standards without inhibiting the exercise of judgement.     —  Ensure there is effective review of audit work.     —  Audit quality control procedures are effective, understood and applied. —  High quality technical support is available when the audit team requires it or encounters a situation it is not familiar with. —  The objectives of ethical standards are achieved, providing confidence in the integrity, objectivity and independence of the auditor. —  The collection of sufficient audit evidence is not inappropriately constrained by financial pressures.
The reliability and usefulness of audit reporting Audit reporting is likely to provide a positive contribution to audit quality where:
—  Audit reports are written in a manner that conveys clearly and unambiguously the auditor's opinion on the financial statements and that addresses the needs of users of financial statements in the context of applicable law and regulations.
—  Auditors properly conclude as to the truth and fairness of the financial statements.
—  Communications with the audit committee include discussions about:
    —  The scope of the audit.
    —  The threats to auditor objectivity.
    —  The key risks identified and judgements made in reaching the audit opinion.
    —  The qualitative aspects of the entity's accounting and reporting and potential ways of improving financial reporting.


APPENDIX 2

EXTRACT FROM THE FINAL CGAA REPORT, INCLUDING RECOMMENDATIONS IN RELATION TO THE PROVISION OF NON-AUDIT SERVICES TO AUDIT CLIENTS

  1.31  Joint provision of audit and non-audit services poses a significant problem for auditor independence. Auditors supply a wide range of services, including for example corporate finance, tax compliance and planning services, IT, legal services, assurance services and management consultancy services. The ratio of non-audit services supplied to the audit client has increased rapidly in recent years, as the major audit and accountancy firms have developed their range of businesses and have built on the audit relationship. More recently, the separation of the principal accountancy firms from their wider consultancy businesses may change this statistical trend; there are also signs that companies are more reluctant in the post Enron environment simply to look to their auditors as the supplier of choice of additional services.

  1.32  Whilst there is little clear support for the view that joint provision has in fact compromised auditor independence, it undoubtedly raises significant concerns as to the appearance of auditor independence[90].

  1.33  It is common ground that the auditor should not supply non-audit services which involve the auditor in taking management decisions, auditing own work or acting as an advocate for the client in an adversarial situation (other than where the auditor's involvement is trifling or incidental). The more general danger is that the auditor, faced with a potential conflict or tension between the statutory responsibility to the shareholders for the audit, and the commercial pressures resulting from the wish to supply non-audit services, compromises objectivity or is perceived to be doing so. These pressures are of course the greater where the value of the non-audit services is substantial and the desire to retain a significant income stream at their strongest.

  1.34  Set against these concerns, there can be efficiencies in joint provisions and thus restricting the ability of companies to buy, and auditors to provide additional services, may have an economic cost. Joint provision can also enhance audit quality, since the knowledge gained may deepen the auditor's knowledge of the business and its management. And as a matter of basic principle, the choice of supplier of any service should be left to the customer unless there is very good reason for outlawing it. Existing audit regulation is alert to these threats to independence and requires the auditor to reduce the risks to an acceptable level if the non-audit service is to be supplied.

  1.35  In our interim report we concluded against an outright ban on the provision of non-audit services to an audit client, but also that the existing requirements did not offer adequate safeguards against independence threats.

  In order to deliver tougher mechanisms to ensure auditor independence, we recommended that each type of service which auditors currently provide should be assessed against a number of key principles, in particular that:

    —  auditors should not perform management functions or make management decisions; and

    —  auditors should not audit their own work.

  1.36  The main elements of our recommendations on non-audit services are:

    —  that UK requirements should continue to be based on principles rather than rules;

    —  but that there need to be tougher and clearer safeguards to ensure that joint provision of an audit and non-audit services does not undermine auditor independence in fact or appearance:

    —  through regulation of the audit firms:

    —  tougher requirements governing the supply of non-audit services to audit clients;

    —  independent setting of auditor independence standards; and

    —  emphasise within the monitoring system on the application of these requirements in the major audit firms;

    —  by listed companies:

    —  an enhanced role for the Audit committee in approving purchase of non-audit services and justifying this to shareholders;

    —  new guidance for audit committees; and

    —  fuller disclosure of the value and nature of non-audit services bought from the auditor.

APPENDIX 3

MEMBERS OF THE APB

  During the period to 31 March 2009 the members of the APB were:
Andrew ChambersDirector, Management Audit LLP
Richard Fleck (Chairman) Partner, Herbert Smith
Jon GrantExecutive Director of the APB
Lew HughesFormerly Deputy Auditor General, Wales
Paul LeeDirector, Hermes Investment Management Ltd
Keith NicholsonPartner, KPMG
Ronan NolanPartner, Deloitte Ireland
Graham PimlottNon-executive Director
Minnow PowellPartner, Deloitte
Will RaineyPartner, Ernst & Young
David ThomasGroup Controller, Invensys plc,
Tom TroubridgePartner, PricewaterhouseCoopers
Stuart TurleyProfessor of Accounting, University of Manchester
Martin WardPartner, Dodd & Co
Non-voting observers
Ian DrennanIrish Audit and Accounting Supervisory Authority
Jim BellinghamDepartment for Business, Enterprise and Regulatory Reform
David LowethAccounting Standards Board
Richard ThorpeFinancial Services Authority


APPENDIX 4

THE APB'S PRINCIPLES FOR STANDARDS RELATING TO NON-AUDIT SERVICES

  When the draft ESs were issued in November 2003 the APB set out its underlying conceptual framework for the assessment of the appropriateness of an audit firm providing non-audit services to an audit client. There was widespread support for this framework and this was reflected in the version of ES5 that was issued in October 2004.

  The standards and guidance in ES 5 (Revised), paragraphs 6 to 39 provide direction to auditors when applying this framework to particular non-audit services. This is especially useful in those instances where the subsequent paragraphs of ES 5 (Revised) do not address the specific circumstances that arise.

  The principles of the threats and safeguards approach to professional ethics as applied to the provision of non-audit services to an audit client, requires the auditor to assess:

    —  Whether an engagement to provide non-audit services might cause the audit firm to serve interests or seek an objective inconsistent with its responsibility as auditor.

    —  The extent to which providing a specific non-audit service may give rise to self-interest, self-review, management and advocacy threats to objectivity and independence.

    —  The significance of the threats identified and whether effective safeguards could be implemented to reduce the threats to an acceptable level.

  The conceptual framework in ES 5 (Revised) goes on to require the auditor to communicate the issues raised by the provision of non-audit services with those charged with governance of the audited entity. In the case of listed companies, this communication assists the audit committee in complying with the provisions of the Combined Code on Corporate Governance that relate to reviewing and monitoring the external auditor's independence and objectivity and to developing a policy on the engagement of the external auditor to supply non-audit services. These responsibilities of audit committees were established by the Smith Recommendation which also arose out of the CGAA report.

  The final element of the general approach to non-audit services in ES 5 (Revised) is a need for the auditor to document the threats identified and the safeguards implemented. This supports both internal and external monitoring of audit quality.

  Since the publication of the ESs, the Government has issued legislation that requires the disclosure of auditor remuneration in the notes to the annual accounts of a company. The classifications followed in this legislation take into account the categories of non-audit services that are established in ES5. This further strengthens the links between the auditor's assessment of the threats associated with the provision of non-audit services and the audit committee's policy on the purchase of such services and makes this relationship transparent to users of the financial statements.

APPENDIX 5

NON-AUDIT FEES PAID TO THE AUDITORS OF UK LISTED COMPANIES

  The ESs were finalised in October 2004 to take effect for audits of accounting periods commencing on or after 15 December 2004. Since this time there has been a marked change in the fees profile of accountancy firms in respect of their FTSE 100 audit clients as shown in the table below.[91]
All figures in £m2003 20042005 20062007
Audit fees244.4283.5 326.0371.3402.4
Non-audit services*440.4 347.9327.4329.3 312.4
Non-audit fees as % of audit fees180% 123%100%89% 78%
*  Includes audit related work


  While audit fees have increased over the period, non-audit fees have decreased. There are a number of reasons behind this reduction in non-audit fees:

    —  There has been increased audit committee interest in this area, driven partly by the recommendations of the Smith Report and new provisions in the Combined Code on Corporate Governance that were introduced in 2003.

    —  Regulations and standards for auditors (both in the UK and the US[92]) have impacted the relationship between non-audit and audit fees.

    —  Company Law in the UK has required greater disclosure of the nature of non-audit services.

    —  Several of the larger audit firms have divested themselves of their IT management consulting businesses.

  In relation to the audits of large banks in the UK the trends in audit and non-audit fees are similar to those of the FTSE 100.

APPENDIX 6

EXTRACT OF THE AIU'S REPORT ON ITS REVIEW OF PWC FOR 2007-08 AUDITS

ETHICAL POLICIES AND CONSULTATION

  We reviewed the firm's ethical policies and found them to be generally comprehensive. However, in our view, the policies noted below should be reviewed by the firm, in light of the underlying principles of the ethical standards.

Objectives for selling of non-audit services to audit clients

  The APB Ethical Standards state that the audit firm should establish policies and procedures to ensure that, in relation to each audit client, no specific element of the remuneration of a member of the audit team is based on his or her success in selling non-audit services to the audit client.[93] This requirement is in place in order to reduce the self- interest threat to independence.

  The firm's policies and guidance explicitly permit internal specialists (such as tax partners) involved in audits, including "key audit partners" (KAPs),[94] to be rewarded for selling non-audit services to those audit clients, on the basis that they are not considered by the firm to be part of the "audit team". Whilst the Ethical Standards exclude "professional personnel from other disciplines involved in the audit" from being part of the audit team for this purpose, they do not specifically state whether this extends to KAPs. In our view, the underlying principles of the Ethical Standards would indicate that they should be treated in the same way as other audit partners who are responsible for key audit decisions.

APPENDIX 7

DESCRIPTION OF ASSURANCE SERVICES PROVIDED BY PWC IN CONNECTION WITH NORTHERN ROCK'S ACTIONS IN RAISING FINANCE

  APB staff have been informed that the nature of Northern Rock's securitisation programme was that bundles of mortgages were transferred to a Special Purpose entity (usually Granite Trust) and these mortgages were used to secure the raising of external finance by way of loan notes purchased by external investors. The mortgages and loan notes were included in the consolidated accounts of Northern Rock. In substance the transaction was therefore that the mortgages were being used to act as security for the loan notes.

  Raising finance in this way required Northern Rock to issue an investment circular, the content of which is governed by relevant regulation. While the investment circular is the responsibility of the Northern Rock board of directors, investment banks acting as a sponsor, underwriter or lead manager also have certain responsibilities in connection with it.

  The service provided by PwC was primarily to provide assurance about characteristics of the mortgages described in the prospectus or circular. PwC reports which were prepared in connection with this work were addressed to the directors of Northern Rock, the directors of Granite (or other companies within the group who were issuing the notes) and the investment banks (both from the UK and the US) who were acting as sponsor. In the Northern Rock financial statements the services were described as "reporting accountant services", which reflects the similarity of the services to those performed when companies raise external finance by way of bond or rights issues.

  This work drew on PwC's cumulative knowledge of the bank's systems and controls acquired during the statutory audit. It is our understanding that the work undertaken typically comprised the following:

    (d) Agreed upon procedures whereby details of the mortgage pool were verified to original documentation on a sample basis. This provided assurance to investors that information on mortgage characteristics (eg postcode of a property, or loan-to value ratio) has been recorded accurately on the tape of data used to compile the mortgage pool.

    (e) Confirmation that any analysis of the mortgage pool that was presented in a prospectus has been performed accurately. This typically took the form of re-calculating tables that have been presented, using information from the list of mortgages verified in (a).

    (f) Confirmation that any information provided in investor presentations was accurate. In addition to re-performing calculations, such as those in (b), this sometimes also involved verifying additional information about the parties to the transaction.

  In addition to the work undertaken on new securitisations, in 2006 new regulations[95] in the US required an annual independent accountant's report[96] confirming that Northern Rock had complied with certain servicing requirements. APB staff understand that the amount of work to be performed to support the SEC report was substantial and involved detailed work on a sample of transactions as well as tests to confirm that controls and other administrative procedures that have been performed.

APPENDIX 8

ANALYSIS OF THREATS TO AUDITOR INDEPENDENCE ARISING FROM ASSURANCE SERVICES PROVIDED BY PWC IN CONNECTION WITH NORTHERN ROCK'S ACTIONS IN RAISING FINANCE

  Securitisation services fall within the remit of the APB's ES 5 "Non-audited services provided to audited entities". Paragraph 11 of ES 5 (Revised) requires that:

  Before the audit firm accepts a proposed engagement to provide non-audited services to an audited entity, the audit engagement partner shall:

    (a) Consider whether it is probable that a reasonable and informed third party would regard the objectives of the proposed engagement as being inconsistent with the objectives of the audit of the financial statements; and

    (b) Identify and assess the significance of any related threats to the auditor's objectivity, including any perceived loss of independence; and

    (c) Identify and assess the effectiveness of the available safeguards to eliminate the threats or reduce them to an acceptable level.

  Furthermore within the section on "Transaction Related Services" there is a specific prohibition that an engagement should not be performed if:

    —  There is reasonable doubt as to the appropriateness of an accounting treatment;

    —  Such services are provided on a contingent fee basis and:

    (a)  The fees are material to the firm; or

    (b)  The outcome is dependent on a future or contemporary audit judgment; or

    —  The engagement would involve the firm undertaking a management role.

  A summary of the threats to independence and an evaluation of how they apply to the securitisation services we understand were provided to Northern Rock is as follows:
Possible threatsRelevance to securitisation services
Self- interest threats arise when the auditor has financial or other interests which might cause it to be reluctant to take actions that would be adverse to the interests of the audit firm. In relation to securitisation services the only self-interest threat that arises relates to the impact on total audit firm profitability from the provision of the additional service. The magnitude of this impact depends on the absolute size of the fee for the service and whether there were special arrangements for calculating the fee (eg the existence of contingency fees). In the case of Northern Rock, the fees for securitisation services are less than the audit fees and the APB understands that there were no contingency fee or other special billing arrangements.
Self-review threats arise when the results of the non-audit services are reflected in the financial statements and the auditor needs to re-evaluate that work for audit purposes. The nature of the work does not give rise to a self-review threat as: —  There do not appear to be any significant accounting judgements impacted by the securitisation process as the mortgages involved are included in the consolidated accounts (ie they remain "on balance sheet"), and —  The nature of the work performed by PwC is supplementary to that undertaken for audit purpose.
Management threats arise where the audit firm take a position or responsibility that should be undertaken by management and, as a result, looses objectivity. In the prospectus, management makes certain assertions regarding characteristics of the mortgages in the mortgage pool and these assertions are confirmed by work of an audit nature. Accordingly no management threat seems to arise from securitisation services.
Advocacy threats arise when the auditor acts as an advocate for the audited entity. PwC's reports are addressed to Northern Rock companies and to the sponsors of the securitisations. While securitisation services help the bank raise capital the auditor is not promoting or marketing the bonds and therefore an advocacy threat does not arise.
Familiarity threats arise when the auditor is predisposed to accept, or is insufficiently questioning of the audit entity's point of view as a result of having been associated with the same client for a long period. The familiarity threat relates to aspects of the audit and the audit opinion expressed on the financial statements and is not relevant to securitisation services.
Intimidation threats arise when the auditor is influenced by fear of threats. The intimidation threat also relates to the audit opinion expressed on the financial statements and is not relevant to securitisation services.


  On the basis of this analysis the APB's conclusion is that the securitisation services provided to Northern Rock in 2006 are not inconsistent with the objectives of the audit of the financial statements and need not therefore be prohibited.







85  
The CGAA reported to the Secretary of State for Trade and Industry and the Chancellor of the Exchequer in January 2003. Back

86   Draft ESs were issued in November 2003. There were 70 respondents from a variety of stakeholder groups. Back

87   A Consultation Paper containing draft revised ESs was issued in October 2007. A relatively large number of investors and representatives of audit committees responded to this Consultation Paper. Back

88   In its March 2008 Feedback Paper the APB noted that there were a small number of additional matters that remained to be considered including the Treasury Committee's concerns regarding securitisation services. Back

89   New regulations were introduced by the SEC in January 2006 regarding disclosure and public reporting requirements related to publicly-issued asset-backed securities. Back

90   See for example Beattie and Fearnley (2002) Auditor Independence and Non-Audit Services: a literature review. Back

91   Figures are taken from the annual fee survey undertaken by Financial Director magazine. Back

92   The SEC's Auditor Independence Requirements arising from the Sarbanes-Oxley Act were introduced in 2003. Back

93   APB Ethical Standard 4, paragraph 36 Back

94   "Key audit partners" are partners other than the audit engagement partner responsible for key audit decisions or judgments. Back

95   SEC's Regulation AB. Back

96   The report was made public on the SEC website Back


 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2009
Prepared 1 April 2009