Auditors: Market concentration and their role - Economic Affairs Committee Contents


Supplementary letter from Mr Robin Heath, Managing Partner, Regulatory & Public Policy, Ernst & Young (ADT 34)

  Thank you for your letter of 1 December 2010 addressed to Scott Halliday. Ernst & Young is pleased to submit further evidence to the Committee.

  I attach an 8-page Appendix in which we set out our answers to the Committee's specific questions. In so doing, we are mindful of the underlying issues in the Committee's inquiry, notably the relevance and future role of audit. In that respect, we have sought, where appropriate, to highlight recommendations which we made in our original written submission and in oral evidence.

22 December 2010

APPENDIX

RESPONSES TO SPECIFIC QUESTIONS

"A note on how going concern judgments as part of audits of banks were reached before and during the financial crisis of 2007-09 (Q283). The Committee is particularly interested in how auditors reached unqualified going concern judgments on banks for the year ending December 2007 only for some of them to collapse in 2008. The Committee would also like to know what was the basis for going concern judgments on banks' financial statements in December 2008, when some banks were already in trouble".

  1.  Financial statements are prepared by companies and the accounting judgments are the responsibility of management and the directors. They are a snapshot of a company's financial position at a particular point in time. A statutory audit is an examination of a company's financial statements carried out in accordance with independently prescribed auditing standards. After the audit is completed, the auditor issues an audit opinion which is published as part of the financial statements. It states whether or not the financial statements give a true and fair view of the state of the company's affairs and of its profit or loss for the period covered. It is designed to provide reasonable (not absolute) assurance that the company's financial statements are free from material misstatement.

  2.  Although preparation of the financial statements requires the directors to make certain assumptions about the future (indeed directors of listed companies are required to make an explicit statement that the company is a going concern), financial statements do not provide a forecast of future performance because they are a snapshot of a company's financial position at a particular point in time.

  3.  In December 2010, the Financial Reporting Council made the following comments in its response to the European Commission's Green Paper on Audit Policy[32]. They provide a good explanation of what it means to prepare financial statements on a going concern basis.

    "There is evidence of an expectation gap between the actual scope of an audit and public perception of the information an audit should reveal. Some stakeholders continue to believe that auditors provide an independent opinion on the financial health of a company when in fact they prepare an opinion on whether their accounts show a "true and fair" view. This particular expectation gap was evident in commentary following the financial crisis, with many people querying how a bank could have received an unqualified audit report, only to collapse a few months later. Specifically, it was questioned whether the risks and uncertainties facing the banks were adequately described and/or it was correct for the financial statements to be prepared on a going concern basis. In this context it is important to appreciate that a conclusion, based on reasonable assumptions about the company and the markets in which it operates, to prepare a company's financial statements on a going concern basis is not the same as reaching a definitive conclusion that the company will in fact be a going concern some 12 to 15 months later. "

  4.  While Ernst & Young audits many banks outside the UK, we did not audit any of the major UK-headquartered banks during the relevant period. We do not therefore have sufficient knowledge to comment on how the directors and auditors of UK banks made judgments on going concern for the financial years ended 2007 and 2008.

  5.  That said, we believe that the following recommendations could help address the "expectation gap" to which the FRC refers:

    (a) expanding corporate reporting by developing standards that require companies to provide investors with information that goes beyond historical financial statements and management analysis to include improved and more relevant disclosures (eg, business model, risks, controls, management estimates and judgments, and sustainability);

    (b) strengthening the role of audit committees to include issuing a report to investors providing greater transparency into discussions with management and the auditor on key financial statement risks and critical judgments and estimates;

    (c) requiring the auditor to provide some level of assurance or attestation—or have other involvement with—certain information outside of the financial statements, including a company's narrative reporting, as well as any enhanced business reporting that may evolve; and

    (d) a greater role for auditors in prudential regulation including a regular two-way dialogue between bank auditors and prudential supervisors. Prudential supervisors could also make more and better use of auditors and other external experts using targeted risk based reporting.

"A note on the impact on bank audits of IFRS accounting standards (Q.288)"

Recommendation

  6.  The comments we make below reinforce the importance of global adoption of a single set of high quality accounting and auditing standards, namely IFRS and ISA.

Effect of switch to IFRS on financial reporting by banks

  7.  Like UK GAAP, IFRS is a principles-based set of accounting standards that require the application of judgment and professional experience by the directors when preparing the financial statements. Since IFRS has been applied, a body of supporting literature has been developed which seeks to ensure consistency of application globally and prevent abuse.

  8.  The relevant standards, guidance and accounting by banks for loan loss provisions and fair values were not significantly different under UK GAAP compared to IFRS. Pre-IFRS, UK banks were subject only to the Statements of Recommended Practice (SORPs) on loan provisioning, hedge accounting and securities measurement. These were developed by the British Bankers' Association and "franked" by the Accounting Standards Board. They were only recommended practice and less rigorous than IFRS.

    (a) Loan loss provisions—there is no major difference in the requirements of the SORP on Loans and Advances, which represented UK GAAP on the topic, and IAS 39 under IFRS: both are incurred loss models.

    (b) Fair value—IFRS standardised existing accounting practice by UK banks to record trading book positions and derivatives at fair value.

  9.  In relation to distributable profits, Mr Bush's evidence is based on the assumption that solvency requirements for financial institutions are determined largely by reference to the financial statements. This has not been the case for some time, irrespective of whether UK GAAP or IFRS is used.

  10.  Distributable profits are (and were) based on retained earnings as shown in the financial statements, but are adjusted (typically downwards) to arrive at distributable profits using the guidance in Technical Releases issued by the main UK accountancy bodies. This recognises that not all profits recognised under IFRS (or UK GAAP) are sufficiently realised to be distributable.

  11.  Moreover, no well-managed organisation would seek to pay a dividend if the effect would be to reduce its capital below that which it needed to operate its business. This is where regulatory capital requirements for banks are relevant. In calculating regulatory capital under Basel 2 UK banks had to include amounts for expected losses beyond those recognised in the financial statements together with amounts for unexpected losses. This regulatory capital regime was also designed to cover the "stress test" referred to by Mr Bush. In practice it meant that the profits available for distribution would always be less than those recorded for accounting purposes.

  12.  Regulatory capital requirements under Basel 2 are now recognised as having been set too low, but that was nothing to do with IFRS.

13. It is also worth pointing out that some countries which do not use IFRS have experienced difficulties in their banking sector (eg USA). Equally other countries which use IFRS have not experienced difficulties in their banking sector (eg Australia). This provides additional support for the view that there is no causal link between adoption of IFRS and problems in the banking sector.

  14.  However, we recognise that IFRS accounting standards are not perfect. Accounting standard setters are seeking to develop improved principles-based standards, especially for financial instruments, which respond to the criticisms made following the crisis. We also welcome the considerable progress made by banks in the quality of their disclosures on the financial instruments they hold and the risks they are exposed to.

Effect of switch to IFRS on banks audits

  15.  Like UK GAAP, IFRS are a principles-based set of accounting standards that require the application of judgment and professional experience by auditors when auditing financial statements prepared by directors.

  16.  The move from UK GAAP to IFRS should therefore have had limited impact on how audits of a bank's financial statements are performed. Auditors have had to make similar sorts of judgments about the directors' financial reporting of loan loss provisions, fair values and distributable profits, whether the financial statements were prepared under UK GAAP or IFRS.

"A note on the areas which wider audit reports might address (Q.290)"

  17.  In looking at what wider audit reports might address, it is important to distinguish between a company's responsibility to report its annual results to the market and the responsibility of the auditor to provide assurance on that information.

Recommendations

  18.  We believe the following proposals should be considered for all public interest entities, not just banks:

    (a) Strengthening the role of audit committees to include issuing a report to investors providing greater transparency into discussions with management and the auditor on key financial statement risks and critical judgments and estimates;

    (b) Expanding corporate reporting by developing standards that require companies to provide investors with information that goes beyond historical financial statements and management analysis to include improved and more relevant disclosures (eg, business model, risks, controls, management estimates and judgments, and sustainability); and

    (c) Requiring the auditor to provide some level of assurance or attestation—or have other involvement with—certain information outside of the financial statements, including a company's narrative reporting, as well as any enhanced business reporting that may evolve.

  19.  For further information, please refer to our original written submission to the Committee dated 27 September 2010, and in particular our answer to the question "What is the role of auditors and should it be changed? "

  20.  The UK audit profession has done some detailed work on the future of bank audits. In June 2010, the ICAEW published its report on how bank audits might be enhanced[33]. In relation to auditor reporting, it identified that insufficient information is provided under the current framework about the work that underpins an audit. This makes it difficult for investors to assess the performance of bank auditors or to understand the key areas of challenge. To address this gap, banks should confirm that key areas of judgment discussed with auditors are set out in the critical accounting estimates and judgments disclosures in the financial statements. It also said that auditors should have more involvement in reporting on the front sections of annual reports.

  21.  The six largest UK audit firms are also part of a Bank of England-chaired working group comprising representatives from the FSA, FRC and ICAEW. The purpose of this working group is to consider how the relationship between auditors, firms and regulators can be more clearly defined to permit more useful and comparable disclosures about judgment issues and the sensitivities around material valuations. The working group is also defining ways in which the relationship between auditors and prudential regulators can be enhanced in practical terms. In respect of the latter workstream, a working protocol has largely been agreed.

  22.  On 29 June 2010 the FSA and FRC published a Discussion Paper looking at similar issues and asking, among other things, for views on bespoke reporting by auditors to prudential supervisors and whether auditors should audit Pillar 3 and prudential information in annual reports[34]. We enclose a copy of our response[35] to that Discussion Paper and refer you in particular to our answers to Questions 10 to 15.

In recent years the share of non-audit fees in the Big Four's total fees has fallen sharply, partly because fees for "audit-related work" (including "extended audit services") are reported as if they were fees for auditing. So that we can have a clearer picture of how much fee income you earn for work you do for audit clients which is not essential in order for you to provide your audit opinion, could we please have a breakdown of the proportion of total fees earned from:

    (a) essential audit work

    (b) "audit-related work" excluding "extended audit services"

    (c) so-called "extended audit services", and

    (d) consulting and other services?

Recommendations

  23.  The comments we make below reinforce the importance of:

    (a) strong active corporate governance including improved disclosures in company annual reports of an audit committee's policy on non-audit services and its reasons for approving significant non-audit engagements;

    (b) clearer information in company annual reports about how non-audit services are categorised; and

    (c) policy makers considering whether to require audit committees to pre-approve significant permissible non-audit services.

Comments

  24.  Transparent information about the nature and amount of non-audit services auditors provided to audit clients should help address any perceptions among stakeholders that objectivity and independence is impaired by their provision. We seek to achieve this through our transparency report which outlines revenues attributable to different segments of our firm. It also provides information about the relative size of our non-audit practice as compared to the audit practice.

  25.  We have sought to answer the Committee's question as best we can by setting out figures taken from our transparency report for the year ended 2 July 2010[36]. Although we do not analyse fees centrally using the Committee's categories, these numbers indicate the relevant financial significance of different types of services.

ServiceAmount (£m) Percentage of total revenues
Statutory audit30322.3%
Other assurance services provided in respect of audit clients 231.7%
Other non-audit services provided to audit clients 18313.5%
Services provided to non-audit clients 84762.5%
TOTAL1,356100%


  26.  The Companies (Disclosure of Auditor Remuneration and Liability Limitation Agreements) Regulations 2008[37] ("the Regulations") also require companies to disclose a breakdown of fees paid to their auditors, albeit not in the same categories as those used by the Committee.

  27.  The Regulations provide a general picture of what a company asks its auditor to do but they could be improved. Accordingly, we support better disclosures in company annual reports about how non-audit services are categorised.

  28.  Under the Regulations, many services categorised as non-audit are services which are integral to the audit eg audits of subsidiaries or internal controls reporting required to be performed by the auditor under the US Sarbanes-Oxley Act. In 2010, we were therefore pleased to assist the Institute of Chartered Accountants of Scotland to develop recommendations[38] for improvement to the FRC and the Department for Business on these issues. We are encouraged that, as part of a comprehensive review of the provision of non-audit services by auditors to audit clients over the past two years, the Auditing Practices Board (APB) and Department for Business are taking forward the principles underlying these recommendations. This includes amending the Regulations. We would very much welcome a recommendation from the Committee that this work be expedited by APB and BIS.

  29.  Over the last ten years there has been a robust debate about the range of non-audit services an audit firm may provide to an audit client. Countries like the UK have adopted detailed regulations in this regard. In our view, delivering the most complete range of permissible services increases an audit firm's knowledge of the audited company, its risks and processes, all of which contribute to audit quality. An "audit-only" firm could be detrimental to audit quality as such firms would encounter difficulty in hiring high quality specialists (eg, in tax and valuations) that are fundamental for a quality audit. Existing professional standards and regulations set appropriate parameters for the scope of permitted non-audit services to audit clients.

  30.  The decision about which permissible non-audit services are obtained from a company's auditor should remain with the audit committee. In many countries, including the UK, the audit committee already plays a key role in this regard.

  31.  We support enhanced disclosures by audit committees about their policy on non-audit services and their reasons for giving approval for significant non-audit engagements. Policy makers might also consider requiring audit committees to pre-approve significant permissible non-audit services. By enhancing pre-approval and disclosures, such as the nature and amount of permissible non-audit services provided by the auditor and the fees, audit committees can best select the most appropriate firms and permitted services for their companies.

Should audit firms be free to provide internal audit services to their audit clients? If they do, isn't it extremely unlikely the external auditor would ever tell the audit committee that the internal audit is rubbish?

Recommendations

  32.  The comments we make below reinforce the importance of:

    (a) strong active corporate governance including improved disclosures in company annual reports of an audit committee's policy on non-audit services and its reasons for approving significant non-audit engagements;

    (b) clearer information in company annual reports about how non-audit services are categorised; and

    (c) policy makers considering whether to require audit committees to pre-approve significant permissible non-audit services.

Comments

  33.  It is not Ernst & Young's policy to perform an outsourced internal audit function for our audit clients. That said, certain limited services are permissible provided that a number of detailed conditions are met. Our policy is in line with the relevant auditor independence standards which guard against the threats of self-review and/or acting as management. These restrictions are entirely appropriate.

  34.  Active corporate governance also plays a very important role. Listed companies generally have audit committee policies covering the type of services auditors may or may not perform. An audit committee would have to authorise the auditor to provide any internal audit-type services. Accordingly, the scenario envisaged by the Committee's question is unlikely to arise.

  35.  It is also important to distinguish internal audit from what might be described as "extended [external] audit services". The Auditing Practices Board has looked at this very issue in its current review of its Ethical Standards. As a result it has sought to clarify the position by amending its Ethical Standards in the following ways:

    (a) Improving the guidance as to what work should be treated as [external] audit work rather than non-audit services;

    (b) Including extended audit services within "audit-related services"; and

    (c) Giving greater guidance on what internal audit services comprise including making a distinction between "assurance activities" designed to assess the design and operating effectiveness of existing or proposed systems or controls (auditor permitted to perform) and "advisory activities" where the auditor is involved in advising an entity on the design and implementation of its risk management, control and governance processes (auditor not permitted to perform).

  36.  We support this move by APB which is consistent with international ethical standards in this area[39]. It is important that an auditor does not perform internal audit-type services where it might threaten his or her independence. However, audit quality must not be threatened by restricting the external auditor to only those procedures set out in auditing standards. This would not be in the public interest. An auditor must continue to be free to perform all necessary procedures for the external audit in order to make the requisite judgments underpinning an audit opinion.




32   http://tiny.cc/1s0mp at page 8. Back

33   http://alturl.com/jgref Back

34   http://www.fsa.gov.uk/pubs/discussion/dp10_03.pdf Back

35   Not published here. Back

36   http://www.ey.com/UK/en/About-us/About-EY---Transparency-Report Back

37   http://www.legislation.gov.uk/uksi/2008/489/contents/made Back

38   http://www.icas.org.uk/site/cms/download/AA/2010/WG_Report_Non_audit_services_January_2010.pdf Back

39   IESBA Code of Ethics paragraph 290.200. Back


 
previous page contents next page


© Parliamentary copyright 2011