1. We are submitting this memorandum as part of the Committee's inquiry into Auditors: Market concentration and their role. It covers:

— our overall role and views in relation to competition in auditing;

— the role of auditors;

— auditing and client asset protection; and

— internal audit and corporate governance.

  2. The submission draws heavily on the recent joint FSA and Financial Reporting Council (FRC) Discussion Paper, DP10/3, Enhancing the auditor's contribution to prudential regulation published in June 2010 (copy attached).[14]

COMPETITION IN AUDITING

  3. The FSA is not a competition authority and therefore does not offer views on the questions posed on competition issues in the audit market. While we believe that there is an important debate to be had on audit market concentration there are also important matters to address on the quality of auditing. We believe that these issues can and should be dealt with separately.

ROLE OF AUDITORS

  4. In addition to their role under the Companies Act 2006, auditors have a duty to report to the FSA under the Financial Services and Markets Act (FSMA) on matters that may be of material significance to the FSA in carrying out our functions in relation to the entity being audited.

  5. High quality audit and assurance support effective governance of firms, which is critical to achieving our objectives relating to market confidence, financial stability and consumer protection. Audited financial information is also an important part of the information that we rely on in supervising firms.[15]

  6. As outlined in the joint FSA/FRC Discussion Paper, although we have seen examples of good audit and assurance practice, there have been other cases that indicate clear room for improvement. In particular, there have been cases involving valuation, provisioning and disclosures where the auditor's approach has appeared to focus on gathering information to support management's assertions, and whether management's valuations and disclosures comply with the letter of the accounting standard (rather than whether the standard has been applied in a thoughtful way that would better meet its objectives). Given that the application of accounting standards require management judgement in many key areas and a range of different approaches may be possible, auditors may also be faced with different firms making different judgements on the valuation of similar instruments. In our Discussion Paper and in our regular meetings with auditors, we have highlighted our concerns in this area, challenged where appropriate and emphasised the need for adequate disclosure in financial statements in this area. The work of our Accounting Review Team is key in this regard.

  7. We have also questioned whether auditors always exhibit sufficient professional scepticism. For example, we believe that they need to challenge management more on the quality of their disclosures. On fair value estimates, our work on valuation methodologies has led us to question whether auditors are sufficiently sceptical when challenging management's basis for determining the models and assumptions used to derive ranges of estimates, and the selection of particular estimates from within such ranges, where key inputs may be unobservable. The FRC has also raised its concerns over insufficient auditor scepticism with the major global audit firms, and the APB has issued a discussion paper highlighting the importance of scepticism.[16]

  8. In the earlier stages of the crisis, there was a significant loss of confidence in banks' financial reporting, as investors and other stakeholders were concerned that published accounting figures did not capture the reality of emerging problems. Given that accounting standards are framed to be used by entities of a wide range of sizes and complexity, it should be no surprise that disclosures that go beyond the specific detailed requirements will usually be necessary for larger and more complex financial institutions.

  9. As a result of lessons learned from the crisis, we have adopted a more intensive supervisory approach. We now have a far more intense relationship with auditors than in the past. We have increased our engagement with auditors to emphasise their role in the oversight of firms. We recognise that, in the past, bilateral meetings between the FSA and the auditor of a supervised firm took place on an ad hoc basis. However, following the implementation of our Supervisory Enhancement Programme, our supervisors of high-impact firms now meet the auditors of high-impact firms at least annually. Matters discussed are specific to the firm but include, for example, financial results, systems and controls and the auditor's view of senior management. This has required us to become more involved in the scrutiny of specific accounting practices and judgements in order to consider more fully their implications from a prudential perspective.

  10. We have also established the Accounting Review Team, a team of experienced qualified accountants whose primary role is to support supervisors on accounting and audit-related matters. The Accounting Review Team does this by reviewing financial information and providing supervisors with advice and analysis on the firms they supervise, as well as supporting supervisors in their communications with auditors. This proactive approach is designed to ensure that we make full use of information in firms' financial statements and auditors' knowledge of firms to inform our supervisory judgements.

  11. To help us focus on potential risks in individual industry sectors, we also meet audit firms in a number of fora. These include high-level bilateral meetings with audit firm partners, technical bilateral meetings with audit firm directors and roundtable meetings with the largest firms to discuss key financial reporting and audit issues in particular sectors. We also still hold high-level meetings with audit firms where, among other things, we discuss key risks that we have identified in particular sectors.

  12. We have also published a Discussion Paper and Feedback Statement on enhancing credit institutions' financial reporting disclosures. We believe that there remains room for improvement in this area, both by firms and in auditors' approach to auditing disclosures. However, there have been some improvements in firms' disclosures on credit exposures, risks and uncertainties since the crisis, including:

— more granularity in disclosures on financial instruments (for example, information on the "fair value hierarchy", which shows the extent to which unobservable inputs are used in the valuation methodology);

— improved disclosures on instruments most affected by the financial turmoil in 2008 and 2009 (such as residential mortgage-backed securities and collateralised debt obligations); and

— the inclusion of glossaries providing a definition of key financial terms that are not explicitly defined in accounting standards.

CLIENT ASSETS

  13. Client asset protection is another key aspect of maintaining market confidence, financial stability and consumer protection. Our existing client assets regime aims to address those objectives by, among other things, ensuring client assets are kept separate from those of the firm and establishing where client assets stand in the hierarchy of creditors in the event of a firm's default.

  14. In this context we have historically given auditors a role in providing external independent assurance that regulated firms have adequate systems to enable them to comply with the client assets regime. This is achieved by periodic reporting by firms' external auditors on the adequacy of their client assets systems.

  15. However, through supervisory work we have established evidence of material failings in some of the auditor's reports on client assets, including indications that some auditors lacked understanding of the relevant FSA requirements. In our review of the auditor's reports, we uncovered further material weaknesses in a number of reports received. The specific failings we have seen include:

— auditors providing unqualified (ie "clean") reports, despite the regulated firm having committed significant breaches of our client assets rules;

— auditors' reports covering the wrong chapters of client assets rules;

— failure to undertake to provide the report on client assets because the auditor was not aware of, or did not understand, the reporting requirement on client assets; and

— auditors submitting their reports several months late (in some instances, they were submitted years after the period to which they relate).

  16. Because of the nature and number of issues identified, we concluded that these failings are not localised to one or a limited number of auditors, but rather indicate a general deficiency by auditors in understanding and applying our requirements relating to client assets, and a need to take steps to improve the quality of the auditor's reports on client assets.

  17. We have recently launched a specialist unit—the Client Assets Sector team—to increase focus on the regulation of client assets. The sector has brought together staff responsible for policy, data collecting and monitoring and analysis. As well as continuing to use auditors' reports on client assets to monitor firms' compliance, the team monitors the quality of the auditors' reports on client assets to ensure that the steps we are taking (as summarised below) lead to improvements in the standards.

  18. We have taken notified firms and their auditors of the material failings and weaknesses we have identified in firms' systems relating to compliance with the client assets regime. We have also established referral arrangements with the auditors' supervisory bodies, and have referred a number of individual auditors to the Institute for Chartered Accountants for England and Wales (ICAEW) and the Accountancy and Actuarial Discipline Board (AADB) in relation to auditors' reports on client assets that we consider failed to meet our requirements.

  19. On 27 September we published a Consultation Paper proposing amendments to our Handbook. The Consultation Paper proposals, together with the other actions we are taking, aim to drive improvements in the quality and consistency of the auditor's reports on client assets by:

— confirming and clarifying the standards required for the auditor's report on client assets;

— increasing and making consistent the information provided within the auditor's reports to enhance its supervisory value; and

— improving firms' governance oversight of both their auditors and their compliance with the client assets rules.

OTHER ISSUES

  20. In addition to this, we have set out several areas where we believe audit could be made more effective for our supervisory work. Enhancing information sharing between the FSA and auditors should be possible under existing legislation and could improve both auditors' contribution to prudential regulation and audit quality. Although there are restrictions on what information we can share with auditors and the circumstances in which it can be shared, the "default mode" should be that we share with them key information that would support better quality audit. Although, under FSMA, auditors have both a duty and a right to report information to us that is relevant to our functions, there is currently a low level of reporting, despite recently having experienced the most severe financial crisis in recent years. We believe that further improvements are needed in the way in which auditors fulfil this duty (although enhanced engagement between us and auditors, both now, and as this develops further in the future, should also increase the incentives for auditors to improve on the current low level of reporting).

  21. Changes in legislation to create additional regulatory powers may also be needed. Currently, we can refer an auditor to the FRC and the auditor's professional body if we have specific concerns. We can also disqualify an auditor from acting as the auditor of an authorised person if it appears that the auditor has failed to comply with a duty imposed on them under FSMA. In practice, a failure to discharge duties under FSMA could vary in seriousness or significance. An appropriate package of enforcement powers could provide us with the same tools to take action against audit firms (or individual auditors) that are currently available when taking action against a regulated firm or approved person (including public censures or imposing financial penalties).

  22. We have sought feedback about whether we should have an enhanced range of enforcement tools in relation to audit firms (including the power to publically censure, impose financial penalties on or disqualify the audit firm or relevant individuals within the audit firm). We intend to continue to use the platform of the Discussion Paper (and subsequent responses) to evaluate how best to enhance auditors' reporting on client assets and whether we should seek an enhanced range of enforcement tools.

  23. There could also be merit in extending the FRC's enforcement powers so it can monitor work by auditors that does not form part of the annual statutory audit (such as the audit of interim financial information) and is better able to investigate specific issues at short notice outside the annual inspection cycle.

  24. We are also considering whether enhanced assurance on regulatory returns would be appropriate. While imposing an external audit requirement for all returns may be disproportionate, we have some concerns over the quality of regulatory reporting and we are therefore considering whether data quality would improve if returns were to be subject of some form of external review. Greater use of s.166 Return Assurance Reports[17] could be one alternative.

  25. We are also exploring whether auditors should be required to report on additional specified areas for the firms they audit. This could give us more insight into significant accounting judgements that materially affect the firm's statement of financial position, identify weaknesses in the control environment or identify the main dependencies and vulnerabilities of the firm's business model. Such additional information would provide us with more complete information to help us judge the adequacy of relevant amounts in the annual accounts and could be presented in a consistent format which would aid comparison across firms.

  26. Banks, building societies and investment firms disclose information on capital and risk management under "Pillar 3" of the Basel II capital framework. Pillar 3 disclosures are subject only to internal verification. We remain unconvinced that there is significant demand for external assurance of Pillar 3 disclosures and that an audit of all such disclosures would significantly increase their usefulness to us in making decisions. However, there may be specific measures on capital adequacy where the inherent uncertainty or relevance of these measures to decision-making means that greater assurance could enhance market confidence and add value for the users of other prudential information.

AUDITORS AND CORPORATE GOVERNANCE (AUDIT COMMITTEES)

  27. Internal audit plays a crucial role in ensuring the effective governance of organisations, and represents a key defensive mechanism against the risks that they are exposed to, by providing the organisation with independent and objective assurance that line management is managing risks actively and effectively and that governance is effective.

  28. Our Consultation Paper, Effective corporate governance (Significant influence controlled functions and the Walker review) published in January 2010, advanced a range of proposals designed both to improve the quality of governance and risk management in firms and to further intensify our supervisory regime, following the introduction in 2009 of our Supervisory Enhancement Programme. It also contained proposals to give effect to the FSA-specific recommendations in Sir David Walker's review of corporate governance published in November 2009. The Handbook changes (published on 24 September), along with our Policy Statement (PS10/15), implemented these proposals, including in respect of the Internal Audit function within firms.

  29. As part of our Intensive Supervision Model, we are increasingly seeking to engage with auditors to establish whether or not there is evidence within a firm to support this. It is for this reason we have now amended our approved person, Significant Influence Functions (SIF) regime, to create a separate internal audit function (CF15), as well as other SIF controlled functions for non-executive directors and Systems & Control functions. These amendments will make us better able to assess—including through interview where appropriate—the competencies and capabilities of individuals filling these roles and ensure that they possess the correct skills and experience with which to carry out their duties effectively.

  30. The success of the internal audit function depends crucially on its independence from all other functions and systems within the organisation on which it gives assurance. Our new guidance sets out our intention therefore to provide guidance advising firms to restrict the holder(s) of the internal audit (CF15) controlled function from holding, at the same time, any other significant influence function. This, we believe, will protect and entrench its independence.

  31. Many firms already have in place a wholly independent internal audit structure that allows for the individual(s) holding the internal audit role not to be responsible for other functions. We do, though, regulate some 14,500 small firms, many of which may have no alternative, due to their scale, but to have individuals responsible for both the internal audit and other roles and our guidance allows for this.

  32. We have also amended our Handbook to emphasise and include in our rules the key role of the modern, internal audit function: that of reporting on the effectiveness of the systems of internal control.

  33. In all these areas progress has been and continues to be made. While many concerns have been raised over the work of auditors before and during the financial crisis, we have worked closely with auditors, the FRC and other relevant bodies to address these. We will continue to work with relevant organisations to seek further improvements.

October 2010

15   In this response, the term "firms" means FSA regulated firms. Back

16   Auditor scepticism: Raising the bar, Auditing Practices Board, August 2010. Back

17   S.166 Return Assurance Reports involve the FSA using powers under section 166 of FSMA to review a specific firm's regulatory return where there is a perceived risk. These reviews can therefore be used to gain assurance that the regulatory return has been properly prepared in accordance with the relevant FSA rules. Back