The Future of Audit Contents

2The audit product

17.Directors are responsible for the accounts of their company. The accounts are usually signed by the Finance Director (or CFO), but they are normally prepared by specialised financial reporting teams with input from managers across the company. Accounts must give a true and fair view, and companies must also follow suitable accounting standards.

18.It is the job of the auditor to verify that the accounts are true and fair, and that the standards have been applied properly.67 To do so, auditors work closely with the company’s managers (hereafter “management”), who supply them with evidence and explanations. The closeness of this relationship is both a strength (enabling an efficient and effective audit) and a weakness (diminishing the auditor’s ability and willingness to challenge management).

19.The main principles and objectives of audit are laid out in International Standard on Auditing (ISA) 200:

The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. In the case of most general purpose frameworks, that opinion is on whether the financial statements are presented fairly, in all material respects, or give a true and fair view in accordance with the framework.68

20.Two key words in this definition are “material” and “opinion”. The concept of materiality means that accounts do not have to be 100 per cent true and accurate. In fact, most sets of accounts are likely to contain small errors considered to be immaterial. An error is material if it is likely to matter to the users of the accounts (e.g. shareholders and lenders):

In general, misstatements, including omissions, are considered to be material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.69

21.Auditors set materiality thresholds for the companies they audit. These thresholds are used both in planning the scope of the audit work (the aim is to have a good chance of finding errors above the threshold) and in evaluating results (errors below the threshold will normally not affect the auditor’s opinion). To give an example, Tesco’s auditor, Deloitte, set materiality at £50 million for Tesco’s 2017/18 group accounts, which equated to 4.4 per cent of profit before tax before exceptional items.70

22.The second keyword is “opinion”. The auditor provides an opinion, not a guarantee or a fact. It is an informed, evidence-based opinion, but it is not expected to be infallible.71

The ‘expectation gap’

23.The existence of an ‘expectation gap’ was felt to be a central issue by a wide range of witnesses in our inquiry and in the other Government-initiated reviews of audit.72 In short, the expectation gap is “the difference between what the public and other stakeholders expect an audit to do and what an audit is required to do.”73

24.In their written and oral evidence, most audit firms told us that the public misunderstands audit. As we outline below, they said that audit does not look at the future, does not look for fraud and does not look at compliance with the law, besides accounting standards.74 They all welcomed Sir Donald Brydon’s review as the vehicle to tackle this expectation gap. The Brydon Review’s terms of reference include understanding “the origins and perceptions of the expectation gap”.75

Audit delivery gaps

25.We do not accept the attempts of auditors—particularly the Big Four and Grant Thornton—to underplay the role or scope of audit, nor to implicitly blame the public for failing to understand the purpose of audit. Rather, the firms should focus on the poor quality of their audits, and on how they are falling short of what audits are for within the current framework. Audit is already tasked with:

26.In the next sections (and in Chapter 3 for capital maintenance), we set out how audit and auditors have failed to deliver consistently on each of these four fronts.


27.In our introduction, we exposed how short the firms have fallen from delivering the quality that the regulator (and other stakeholders) rightly expect, with 27 per cent of all audits not meeting their quality standards. In evidence, the heads of three of the Big Four admitted that the quality of their audits was not good enough.76 For example, Bill Michael, in respect of KPMG’s audits told us that he was “not happy with the results” and that KPMG recognised the challenges and was “working hard to resolve them”.77 Kevin Ellis, however, told us that the quality of PwC’s audits was strong,78 despite significant failings in the audit of BHS and the FRC finding that 18 per cent of PwC’s audits had not met the expected quality standards.79 Not many companies can afford an 18 per cent rate of faulty products, and we are not aware of other industries in which 27 per cent of products sold are defective.


28.The current framework requires the auditor to have reasonable assurance that the financial statements are free from material misstatements, “whether due to fraud or error”.80 We therefore note that the level of assurance is the same as for any other type of material misstatement. Put another way, whilst the auditor cannot detect every error in the accounts, the auditor must be just as likely to detect fraud as they are likely to detect other errors.

29.In some way, the bar is actually higher for fraud. Size is not the only factor in determining whether a misstatement is material; the nature of the misstatement matters too.81 Much smaller misstatements can and should be considered material when the misstatement is due to fraud. The auditing standard on the auditor’s responsibilities in relation to fraud (ISA 240) explains how fraud has implications for the rest of the audit, even if the size of fraud is not material in relation to the financial statements. In particular, fraudulent reporting by management is almost always material, as explained in the guidance of the Institute of Chartered Accountants in England and Wales (ICAEW):

Fraudulent financial reporting that results in misstatements caused by management is, by definition, almost always material (regardless of the size of the misstatements) because of management’s intent to influence some action or decision. For example, if management has deliberately pushed sales near the year end into the next financial year, it may have done so in order to reduce the entity’s tax liability.82

30.We were both surprised and disappointed to hear the view from audit firms that because fraud is difficult to detect, the public should not expect auditors to find it. The most blatant example came from Grant Thornton’s CEO, David Dunckley:

We are not looking for fraud. We are not looking at the future. We are not giving a statement that the accounts are correct. We are saying they are reasonable. We are looking in the past and we are not set up to look for fraud.83

Seldom can a product have been so undersold in public. We were pleased to hear the FRC’s CEO, Stephen Haddrill, subsequently rejecting this notion, telling the Committee that a “mythology” had developed that auditors cannot detect fraud: “The auditor is clearly responsible for pursuing fraud in the company, but there is this mythology that has grown up of, ‘We’re not going to find it’”.84

31.Fraudulent reporting by directors is almost always material, by nature if not by size. The detection of material fraud is, and must continue to be, a priority within an audit. Audits must state how they have investigated potential fraud, including by directors.

A forward-looking product

32.The firms argued that an important part of the expectation gap is that the public thinks that auditors should also look ahead, when in fact audits are only an inspection of past, historical transactions.85 The public is right. Audits are and should be forward-looking, under the “going concern” assumption. Accounts are almost always86 prepared under the assumption that the business is a going concern, i.e. that the company will in all likelihood continue to trade for at least a year from the date of approval of the financial statements.87 The auditor must form an opinion on the appropriateness of the going concern assumption, and report on it if there are material risks to the business.

33.The FRC announced a consultation to strengthen the going concern standard for auditors on 4 March 2019. The consultation follows instances “where the auditor’s report failed to highlight concerns about the prospects of entities which collapsed shortly after as well as findings from recent FRC Enforcement cases”.88 The launch of this consultation is long overdue.

34.Among other things, the FRC says that auditors should make greater use of the viability statement,89 which is a requirement of the Corporate Governance Code.90 Directors are asked to assess the future prospects of the company in the Annual Report. The auditor is required to state whether they have anything to add or draw attention to in respect of the assessment made by directors. In oral evidence, FRC CEO Stephen Haddrill told us that “we need more information about the auditor’s view of the future prospects of the company, not just its current position”.91

35.Auditors are required to look ahead. We support work to strengthen the audit of and reporting on the going concern assumption and the viability statement. But we encourage Sir Donald Brydon to go further and explore how to make audits more forward-looking. In particular, Sir Donald should consider how widening the role and scope of audit might give the auditor more opportunities to express forward-looking opinions.

Graduated findings

36.If the performance of auditors against the current regime needs to improve, the audit product itself also needs to evolve in fundamental ways. One such reform is ‘graduated findings’, which refers to the auditor expressing an opinion on key management estimates and judgements in the accounts, describing them on a range from cautious to optimistic.

37.A number of witnesses said that the role and work of auditors are not sufficiently transparent and understood.92 Some of the firms argued that shareholders and the public do not get to see the good work auditors do behind the scenes.93 It follows that more transparency will make audits more useful and better understood. The introduction of the “extended auditor’s report” in 2012 was a good step in this direction. The extended report turned indistinguishable “boiler-plate” statements into much more detailed and specific accounts of the auditor’s work and findings.94

38.The extended report, however, does not require auditors to give more details about their opinion on the accounts. When the accounts are unqualified (i.e. the auditor is overall happy with the accounts), the auditor’s report provides no further insight into the opinion. The accounts are either true and fair, or they are not. This is a blunt and potentially destructive tool, applied to matters that “are very rarely black or white”.95 The audit opinion provides a seal of approval, but no further useful information for investors and the public. The complex judgements96 that pervade the accounts of any large company require a more nuanced approach than the current binary pass or fail. Graduated findings fill that gap.

39.With graduated findings, the auditor can give an unqualified opinion, and at the same time express reservations about the lack of caution in the accounting of certain items (e.g. aggressive revenue recognition, imprudent treatment of goodwill). Graduated findings were pioneered by KPMG when it included subjective findings, such as describing profit recognition as “mildly cautious”, in the Rolls-Royce 2013 audit report.97 This innovation generated great interest and some surprise among the profession. The addition of qualitative observations on particular areas of the financial statements, alongside the overall true and fair opinion, was considered a bold move.98

40.In their submission the CMA, KPMG argued that graduated findings would be an “effective and proportionate way” to help close the part of the expectation gap relating to auditors communicating their findings to shareholders.99 In evidence, investors, professional bodies and the firms were all in favour of graduated findings. However, we were told that companies (management) are reluctant to volunteer.100 Liz Murrall, Stewardship and Reporting Director at The Investment Association explained:

It was very interesting that one audit firm, KPMG, went one step further [than the extended audit report], and in relation to the risk of material misstatement they reported graduated findings, [ … ]. Investors really welcomed that. KPMG then wrote to all its audit clients and said “Investors want this. Can we do this for all our audits?” It was disappointing that they did not take it further, and only nine clients agreed. That did not send a very good message to the investor community, who are the real clients of the audit process and wanted these graduated findings.101

41.The Kingman Review said that the regulator should consider requiring graduated findings for all audits.102 We recommend that the FRC make graduated findings mandatory.

Widening the scope of audit

42.Extended reports and graduated findings are welcome developments, but not the only way to improve the usefulness of audits. Another way is to widen the scope of audit, which investors expressed support for during our inquiry.103 Euan Sterling of Aberdeen Standard Investments told us that his firm had been trying to encourage companies “to expand the scope of their audits” to think more expansively about the company’s future, but had had little success so far. He hoped Sir Donald Brydon would look into this.104

43.Examples of what audits could cover include compliance with the Corporate Governance Code,105 reporting on executive pay,106 pay gaps and pay ratios,107 environmental sustainability,108 and payment practices such as the treatment of suppliers and late payment terms.109 In this context, we welcome the announcement by the Chancellor in his 2019 Spring Statement that companies are to be required to include in their annual report details of their performance in paying invoices.110 We believe that this information should be scrutinised as part of the audit. ICAEW CEO Michael Izza also suggested auditing risk-weighted assets, “arguably the most crucial number for a bank’s security” and currently unaudited.111

44.The broadening of the audit remit would improve the usefulness of the product and the value of the job. Auditors would acquire new skills, employ more of their professional judgement and communicate their views clearly and openly.

45.As part of his review, Sir Donald Brydon should consider extending the scope of audit to cover the entire annual report, albeit with different levels of assurance and reporting. Critical areas such as corporate governance and payment practices ought to be subject to a robust assurance process and meaningful reporting by the auditor. Auditors should be encouraged and empowered by the new regulator to speak their mind openly and clearly in audit reports, without fear or favour. They should call out poor management when they see it. If there are barriers to auditors taking on more responsibilities and reporting on them candidly (such as unlimited liability and skills issues), the Brydon Review should include proposals for removing these barriers.

Shareholder engagement

46.The formal process for the appointment of auditors in listed companies is as follows. First, the audit committee (composed of independent non-executive directors) makes a recommendation to the board of directors. Following this recommendation, the directors make a decision, and the decision is voted on by shareholders at the company’s Annual General Meeting (AGM).112 In practice, however, the role of shareholders is minimal, while the opposite is true of executive directors, and in particular the CFO. The Competition Commission concluded in 2013 that “shareholders almost always follow the recommendations of the board”, and that they are “poorly placed to judge the performance of their auditors”.113

47.Several witnesses told us that shareholders either do not actively engage with the audit process,114 or audit committees do not do enough to engage with shareholders.115 Sir John Kingman told us that “ while shareholders have the power of approval of the appointment of an auditor, and it is right that they should have that power, they hardly ever exercise the power to do anything”.116 The CMA too found that there was a lack of engagement by shareholders and that audit committees did not do enough to encourage such engagement.117

48.In evidence to this inquiry and to our previous inquiry into the collapse of Carillion, investors expressed dissatisfaction with the quality and usefulness of audits.118 Yet, routine engagement with audit matters remains, by and large, very low.119 We think that there is a negative feedback loop at work here. Audits do not communicate much of value to shareholders, and so shareholders do not engage. Since shareholders do not engage, there is little incentive for companies and auditors to innovate and provide more information (such as graduated findings, which most companies do not want to volunteer for).120

49.We believe that there is a chance to reverse this dynamic by making audits more useful and transparent. A first step in starting a positive loop was the extended audit report discussed in the previous section. Two years on, the FRC found that investors greatly valued the new information:

Investors have welcomed extended auditor reporting, and greatly value the enhanced information it provides. The value added can be particularly important for those audited entities where there are fewer sources of other information, including smaller companies.121

50.We received evidence that more could and should be done to encourage investors to attend meetings to understand how their interests are being protected,122 and that the audit process needs to be more transparent.123 Euan Sterling from Aberdeen Standard Investments recommended that shareholders be shown how auditors have exercised professional scepticism in their audits.124 ICAEW CEO Michael Izza suggested that auditors make presentations to shareholders at the AGM, in order to get “auditors and investors closer together”.125

51.We believe that requiring auditors to present at the AGM is a good way to generate engagement. This direct dialogue with shareholders would also remind auditors who they are accountable to. It would require them to demonstrate their independence and evidence their willingness to challenge management to a wider audience than the Audit Committee.

52.Our proposals to make audit more useful and transparent should also increase investor interest in audit matters. Interested investors will be more likely to engage and use their voice to push for continued improvements and greater transparency. But there is a long way to go. We have three recommendations to increase investor engagement. Combined with our proposals to make audits more transparent and useful, we believe that this package will lead to significant and positive engagement from investors.

53.There should be a requirement in the new Stewardship Code for investors and asset owners to consider audit matters.

54.Auditors should make a presentation at the AGM to show how they have challenged management and exercised professional scepticism to underpin their audit opinion, and to raise any major issues.

55.In order to be useful, information must be timely. The FRC and its successor should consider requiring companies to publish the audit report at the same time as results are announced (instead of waiting for the full annual report to be published, which often happens a month later, even though the audit report is ready and signed off before results are announced).

Conclusions on the expectation gap and the audit product

56.We support the work that Sir Donald Brydon is doing to understand “the origins and perceptions of the expectation gap”. Nevertheless, the expectation gap must not be allowed to mask the serious failure of audit to deliver on its own current terms. If auditors delivered on the existing regime reliably and well, the expectation gap would shrink greatly. The delivery gap is far wider than the expectation gap and that is what must be fixed as soon as possible.

57.We also support the fundamental rethink of audit that Sir Donald has been tasked with. As a product, audit should be more useful and forward-looking. A revamped product will make a career in audit more varied, exciting and rewarding. Audit should be as attractive as consulting and be seen that way but should also be much more meaningful in its service to the public interest.

68 FRC, ISA 200, (June 2016), p 2.

69 FRC, ISA 200, (June 2016), p 3.

70 Deloitte, Independent auditor’s report to the members of Tesco PLC, in: Tesco, Annual Report and Financial Statements 2018, (10 April 2018), p 68.

71 FRC, ISA 200, (June 2016), p 3.

72 See for example: Q229, Q307, Q321, Q483; and: CMA, Appendix C to audit market study update paper: the ‘expectation gap’; the purpose and scope of audit, (18 December 2018), p 1.

73 See for example: CMA, Appendix C to audit market study update paper: the ‘expectation gap’; the purpose and scope of audit, (18 December 2018), p 1.

74 See oral evidence of 30 January 2019, for example: Q229, Q307, Q321, Q483.

75 Independent review into the quality and effectiveness of audit: terms of reference, (14 February 2019), p 2.

76 For example, see: Q389 (David Sproul, Senior Partner and Chief Executive Officer, Deloitte UK); Qq470–471 (Steve Varley, Chairman, EY UK);

77 See: Qq453–456, Q467 and Q479 (Bill Michael, UK Chairman and Senior Partner, KPMG).

78 Qq473–477 (Kevin Ellis, Chairman and Senior Partner, PwC UK).


80 See: FRC, ISA (UK) 200, (June 2016).

83 Q238.

84 Q590.

85 See oral evidence of 30 January 2019.

86 “The financial reporting frameworks applicable in the UK generally require the adoption of the going concern basis of accounting in financial statements, except in circumstances where management intends to: liquidate the entity; to cease trading; or has no realistic alternative to liquidation or cessation of operations. In effect, an entity that does not meet the threshold for that exception is described as a going concern.” In: FRC, Proposed International Standard on Auditing (UK) 570 (Revised) Going Concern: Exposure Draft, (March 2019), p 1.

87 FRC, ISA (UK and Ireland) 570, (September 2014), p 8.

90 The requirement is in Provision 31 of the 2018 Code, and C.2.2 of the 2016 Code.

91 Q645.

92 E.g.: Q2, Q646.

93 Deloitte (FOA0017); PwC, Response to the CMA’s Update Paper, (February 2019), p 6.

95 Michael Izza, ICAEW CEO, Q642.

96 It is often said about accounts that cash is fact, and everything else is a matter of opinion. See for example: Tim Steer, The Signs Were There, Profile Books, (2018), p 141.

97 KPMG audit report in: Rolls-Royce Holdings plc, Annual Report 2013, p 130.

98 Private conversations with auditors.

99 KPMG, Response to the Competition and Markets Authority Invitation to Comment, (30 October 2018), p 34.

100 Private conversations.

101 Q61.

102 Independent Review of the Financial Reporting Council, (December 2018), Recommendation 53, p 52.

103 Q85, Q86.

104 Q85.

105 See: BEIS Select Committee, Corporate governance, (HC 702; April 2017).

106 See: BEIS Select Committee, Executive Rewards: paying for success, (HC 2018; 26 March 2019); ICAEW, How to end excessive pay, (2018).

107 See: BEIS Select Committee, Gender pay gap reporting, (HC 928; July 2018).

108 See: EAC Select Committee, Greening Finance: embedding sustainability in financial decision making, (HC 1063; June 2018); Climate Disclosure Standards Board and CDP, First Steps: Corporate climate and environmental disclosure under the EU Non-Financial Reporting Directive, (November 2018); European Commission, Non-financial reporting, (accessed 27 March 2019); ICAEW, Environmental issues and UK annual reporting, (2015).

109 In March 2019, it was reported that the regulator had been asked by the Government to consider how audit committees of listed companies could police payment performance to address late payments for suppliers. See: Times, Late payers may answer to their audit committees, (18 March 2019). In our report on small businesses and productivity we recommended that auditors should look at payment practices, as late payments are an indicator of the culture and health of a company. See: BEIS Select Committee, Small businesses and productivity, (HC 807; 5 December 2018), p 45.

110 HC Deb, 13 March 2019

112 The law is found in Part 16, Chapter 2 of the Companies Act 2006

113 Competition Commission, Statutory audit services for large companies market investigation: Final report, (15 October 2013), pp 176–7.

114 For instance, see: Q44 (Leon Kamhi, Head of Responsible Investment, Hermes Investment Management); Q132 (Steve Barber, Audit Committee Chair, AA plc); Q134 (Margaret Ewing, Nomination, Audit and Risk Chair, ITV); ICAS (FOA0019); Mazars LLP (FOA0025).

115 For instance, see:Q55 (Natasha Landell-Mills, Head of Stewardship, Sarasin & Partners).

116 Q179 (Sir John Kingman, Chair of the Independent Review of the Financial Reporting Council).

117 CMA, Statutory Audit Services Market Study: Update Paper, (December 2018), pp 52–54.

118 See: Carillion, HC 769, (7 March 2018), Q1043, QQ1128–9; and: Future of Audit, HC 1718, (15 January 2019), Q35, Qq85–90.

119 As explained in previous paragraphs.

120 See subsection on graduated findings.

121 FRC, Extended auditor’s reports: A further review of experience, (January 2016), p 4.

122 UKSA & ShareSoc (FOA0005); Association of Practising Accountants (FOA0012).

123 Investment Association (FOA0014).

124 Q85 (Euan Stirling, Global Head of Stewardship & ESG Investment, Aberdeen Standard Investments).

125 Q578 (Michael Izza, Chief Executive, Institute of Chartered Accountants in England and Wales).

Published: 2 April 2019