ASSESS, ASSURE AND INFORM - GOV.UK

1 ASSESS, ASSURE AND INFORM . IMPROVING AUDIT QUALITY AND. EFFECTIVENESS. REPORT OF THE INDEPENDENT REVIEW INTO THE. QUALITY AND EFFECTIVENESS OF AUDIT. SIR DONALD BRYDON CBE. LONDON. DECEMBER 2019. Crown copyright 2019. This publication is licensed under the terms of the Open Government Licence except where otherwise stated. To view this licence, visit government-licence/version/3. Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned. Any enquiries regarding this publication should be sent to us at Printed on paper containing 75% recycled fibre content minimum Printed in the UK by the APS Group on behalf of the Controller of Her Majesty's Stationery Office 1.

2 Contents 1. Preface 4. 2. Summary of Conclusions 6. 3. Introduction 16. 4. Expectation and Other Gaps 20. 5. A redefinition of audit and its purpose 22. Purpose 22. Audit and decision usefulness 23. New Information 24. Audit and assurance 26. Audit standards and the law 29. 6. A new profession: Corporate Auditing 30. Subject specific auditors 32. Establishing standards in new areas 32. Establishing the role of Principles 33. Principles of Corporate Auditing 34. Applying the Principles of Corporate Auditing 35. Education and qualification 35. Education of corporate executives and non-executive directors 38. Acting in the Public Interest 38.

3 7. Quality of Audit 40. 8. Shareholders and other stakeholders 43. An Agency Problem 43. Producer-led audit 44. Asset managers 44. Stakeholders 45. 9. Engaging the Shareholders 47. Risk Reports as a point of engagement 47. Beyond the statutory audit 49. Avoiding an everything-must-be-audited culture 50. Audit fees 50. General Meetings 52. Institutions and Implementation 52. 2 Independent Review into the Quality and Effectiveness of Audit 10. An Audit and Assurance Policy 54. Fair, balanced and understandable 55. Giving employees a voice 56. 11. True and fair? 57. 12. Accounting Records 60. 13. Internal Controls 62. Introducing a UK version of SOX.

4 62. Internal Audit 64. 14. Fraud 65. Clarity of auditor obligations 66. Directors' obligations 67. Forensic skills 67. Fraud Register 68. Post Fraud Judgments 68. A Fraud Package 69. 15. A question of fit 70. 16. Signalling Concern 72. 17. Communicating judgments 74. CGUs and Goodwill 75. Culture 75. Consistency 76. Quality of Estimates 76. Graduated Findings 77. Preliminary Results 78. 18. Resilience 80. A resilience statement 81. 19. Capital Maintenance 83. 20. Alternative Performance Measures and Key Performance Indicators 85. APMs 85. KPIs 86. Risk Weighted Assets 87. 21. Payment Practices 88. 22. Whistleblowing 89. 3. 23.

5 Resignation or Replacement of Auditor 91. A General Meeting 93. Tenure 93. 24. Technology 95. Obstacles to progress 96. A new challenge for ARGA 99. 25. Auditor liability and transparency 100. Limiting liability 101. Greater transparency 101. Audit Firm Culture 102. 26. The Regulator (ARGA) 103. Celebrate the good, chastise the bad 103. Audit Quality Inspections 104. Engage the users 104. 27. Audit & Risk Committees 105. Audit committee transparency 105. Audit committee functioning 106. Audit committee chairs and the risk of balkanisation 106. Audit & risk committees or risk committees 107. 28. Implementation 108. Cost benefit 108.

6 Turning recommendations into action 108. 29. Conclusion 110. Appendix 1 Summary of responses to the Call for Views 111. Appendix 2 Terms of Reference 115. Appendix 3 Advisory Board and Auditors' Advisory Group 118. Appendix 4 List of respondents 119. Appendix 5 Recent projects relevant to Review 122. Appendix 6 Extract from Professor Andrew Likierman's submission on professional judgment 124. Appendix 7 Public Interest Entities (PIEs) director and statutory auditor public interest statements a note for The Brydon Review: Dr. Carien van Mourik and Prof. Chris Humphrey 126. Appendix 8 List of acronyms used in this report 133.

7 Appendix 9 A poem on auditing taken from a 1951 edition of the Accounting Review 135. 4 Independent Review into the Quality and Effectiveness of Audit 1. Preface Language matters. How audit is described influences how it is conducted and how users respond to it. It starts with a clear description (certainly from auditors) that it is for directors to communicate about their company and, within limits , for auditors to confirm what is communicated. Michael Power titled his book in 1997 The Audit Society Rituals of Verification1. The quality and effectiveness of audit has become an increasingly contested issue, with the result that this Review has been commissioned.

8 Some consider that audit is good enough but the starting place of this Report is that it is not. At a time when information is everywhere and there is no obligation on users of the internet to be truthful, it matters even more that shareholders, and others, can trust what directors are communicating. Auditors have a unique advantage in having the right to see everything that goes on in a company and to assess whether that trust is deserved. There has been a slow evolution, since the 1970s, in the role of audit from being just a periodic external check on the accuracy of financial reporting towards a value adding function, but this has further to In hiding behind the need only to confirm and verify, many auditors have failed to grasp the opportunity to make their reports more informative.

9 Many do take this opportunity in private, communicating well beyond the narrow confines of auditing standards when reporting to audit committees, but not to shareholders or other stakeholders. There needs to be a fundamental shift in definition and approach to ensure that all appropriate opportunities are taken for the auditor to INFORM as well as to confirm and verify. This will mean sometimes going beyond the information contained in the statements of the directors. With this change in mindset, and appropriate structures and principles, combined with more focused training and better user engagement, I consider that audit can serve a much more useful purpose.

10 Audit is not broken but it has lost its way and all the actors in the audit process bear some measure of responsibility. It is particularly difficult to analyse because it is a credence good one where its true quality is unknown at the point of use. It has been stated that one important implication of viewing auditing as a credence good is that the quality of individual 1. Michael Power, The Audit Society Rituals of Verification; Oxford University Press (1997). 2. David Gwilliam, Audit methodology, risk management and non-audit services: what can we learn from the recent past and what lies ahead?; ICAEW Briefing (May 2003) (based on a P D Leake Lecture at Chartered Accountants' Hall, 14 May 2003).