This document was prepared by: Centre for Financial Reporting Reform (CFRR) Governance Global Practice, The World Bank Praterstrasse 31 1020 Vienna, Austria Web: www.worldbank.org/cfrr Email: cfrr@worldbank.org Phone: +43-1-217-0700 © 2018 International Bank for Reconstruction and Development / The World Bank 1818 H Street NW Washington DC 20433 Telephone: 202-473-1000 Internet: www.worldbank.org This work is a product of the staff of The World Bank with external contributions. The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of The World Bank, its Board of Executive Directors, or the governments they represent. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Rights and Permissions The material in this work is subject to copyright. Because The World Bank encourages dissemination of its knowledge, this work may be reproduced, in whole or in part, for noncommercial purposes as long as full attribution to this work is given. Any queries on rights and licenses, including subsidiary rights, should be addressed to World Bank Publications, The World Bank Group, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2625; e-mail: pubrights@worldbank.org. CONTENTS Acknowledgements.................................................................................................................... 1 Introduction ............................................................................................................................... 2 Why is reporting by AOBs important? ................................................................................... 2 What are the relevant norms and requirements? ................................................................. 3 FOCUS 1: APPROVAL AND REGISTRATION OF EXTERNAL AUDITORS .................................. 6 FOCUS 2: ADOPTION OF STANDARDS ................................................................................ 9 FOCUS 3: INSPECTIONS AND ENFORCEMENT ACTIONS/SANCTIONS................................. 11 Publication of disciplinary sanctions .................................................................................... 16 FOCUS 4: AUDIT QUALITY INDICATORS ........................................................................... 18 FOCUS 5: INTERACTION WITH AUDIT COMMITTEES ........................................................ 21 Annex: Key Survey Results for EU-REPARIS and STAREP Countries ........................................ 24 ACKNOWLEDGEMENTS This Knowledge Paper has been prepared by a World Bank Centre for Financial Reporting Reform (CFRR) team of experts led by Abbas Hasan Kizilbash, Senior Financial Management Specialist, and including Svetlana Platon, consultant, with contributions from Senior Financial Management Specialist Andrei Busuioc and under the guidance of Pascal Frerejacque, Senior Financial Management Officer and Jarett Decker, Head, CFRR, the World Bank. The team wishes to acknowledge the extensive cooperation and assistance received from stakeholders that provided inputs to the team. 1 INTRODUCTION A wave of accounting scandals beginning about 15 years ago, including Enron, WorldCom, and Parmalat, created a consensus among policymakers across the globe that independent auditors were not adequately challenging the financial reporting by their clients and could not be trusted to regulate themselves. Beginning with the Sarbanes-Oxley Act of 2002 in the U.S., there has been a global movement away from self-regulation of the auditing profession and towards independent oversight. Perhaps the most important milestone in this movement was the 2006 Audit Directive of the European Union, which required all EU members and accession candidates to implement independent oversight. A key goal of independent oversight is to provide relevant and reliable information to investors, lenders, audit committees, regulators, other stakeholders, and the general public about auditors and the audit market, among other matters. This paper aims to provide a brief synopsis on the topic of reporting by audit oversight bodies (“AOBs”) through their annual and inspection reports. It outlines international principles and legislative requirements, highlights certain good practices and shares results from a focused survey across EU-REPARIS 1 (Albania, Republic of Macedonia, Montenegro, Kosovo, Serbia, and Bosnia Herzegovina) and STAREP 2 countries (Moldova, Georgia, Azerbaijan, Armenia, Belarus, and Ukraine). Why is reporting by AOBs important? Before the advent of independent oversight, investors, audit committees, regulators, and other interested parties typically had very little information about auditors and the audit market, whether to assess and compare auditors in key areas such as resources and capacity or audit quality and performance, or to consider the effectiveness of the audit industry in fulfilling its mission of improving financial transparency. The audit report itself was a standardized, typically one-page, largely boilerplate document that provided almost no specific information to assess the extent and quality of the work auditors performed to come to an opinion about the fairness and reliability of reported financial information. 3 The audit work papers—which detail the work performed, evidence obtained, and conclusions reached through the audit—are necessarily private documents that typically do not see the light of day, in order to preserve the client’s business secrets and avoid exposure of the auditors techniques and methods. While auditors were sometimes 1 http://web.worldbank.org/WBSITE/EXTERNAL/COUNTRIES/ECAEXT/EXTCENFINREPREF/0,,contentMDK:23650 584~menuPK:9755227~pagePK:64168445~piPK:64168309~theSitePK:4152118,00.html 2 http://web.worldbank.org/WBSITE/EXTERNAL/COUNTRIES/ECAEXT/EXTCENFINREPREF/0,,contentMDK:23468 684~menuPK:9341783~pagePK:64168445~piPK:64168309~theSitePK:4152118,00.html 3 In the recent past, the form of the audit report has been amended to provide more useful information, including about the key matters encountered during the audit. Please refer to ISA 701. 2 required to engage in peer review, this too generated very little relevant and reliable public information. In theory, public accountancy organizations and some regulatory bodies also had disciplinary authority over auditors for poor performance or quality control, but such disciplinary actions were rare and so also provided little relevant information to the public. In sum, auditing was done behind closed doors and memorialized in documents outsiders would typically never see. Stakeholders were often left guessing about the quality and rigor of the work performed and the capacity of the audit firms performing it. This opacity had negative consequences, including limiting genuine competition among auditors for quality performance. If all outsiders could see were boilerplate audit reports and quoted prices for audit services, competition inevitably focused more on price than quality (or even worse, sometimes focused on the auditor’s perceived willingness to accommodate the reporting goals of the company’s management). Lack of transparency helped engender a lack of accountability. Part of the purpose of independent oversight is to help shine a light on this dark realm. By imposing a regime of inspections and enforcement, an independent audit oversight system can accumulate useful and timely information. Inspections typically focus on auditor performance in audits selected for review and the adequacy of quality assurance systems within audit firms, so information from inspections can be useful in comparing the capacity and performance of audit firms. An enforcement regime can help identify, expose, and in some cases, remove the worst performers in the audit market. But to have true impact on decisions of outside users of audit reports and the incentives of auditors to compete on quality, critical information from inspections and enforcement should be made public where feasible. Thus, high quality reporting by AOBs plays a pivotal role in enhancing transparency in audit quality and contributes to a continuous improvement in the quality of auditing. Reporting by AOBs should aim to explain its tasks, targets and competencies; provide guidance for stakeholders; and provide information on its future activities. Importantly, good reporting by AOBs should demonstrate how their activities are making a difference to the financial reporting ecosystem and on audit performance. What are the relevant norms and requirements? The International Forum of Independent Audit Regulators (“IFIAR”) 4 was established in 2006 and consists of independent audit regulators from 52 jurisdictions across the world. IFIAR aims to serve the public interest and enhance investor protection by improving audit quality globally. The forum also enables its members to share knowledge and experiences pertaining to the audit market and audit regulation, particularly inspections of auditors and audit firms. 4 www.ifiar.org 3 IFIAR has published its core principles which seek to promote effective independent oversight globally. IFIAR core principles require that audit regulators should be transparent and accountable 5. The Core Principles are not binding for membership of IFIAR, however, IFIAR Members are encouraged to comply with the Core Principles in their own jurisdictions considering the context of their individual audit markets. Principle 3 of IFIAR outlines that “the audit regulator should have public accountability in the use of its powers and resources to ensure that the audit regulator maintains its integrity and credibility. Further, the decisions and actions of the audit regulator should be subject to appropriate scrutiny and review, including appeal to a higher authority. Transparency should include the publication of annual work plans and activity reports, including the outcome of inspections either in the aggregate or on a firm by firm basis”. In the EU, Directives lay down certain requirements that are required to be achieved, but each Member State is free to decide on how to transpose these directives into national laws. However, Regulations have binding legal force The Directive is applicable to all throughout every Member State and apply directly entities that are required to have a and verbatim. Regulation (EU) 537/2014 and statutory audit, while the Regulation Directive 2006/43/EC prescribe the requirements prescribes requirements for the for reporting by audit oversight bodies. Article 32 statutory audits of Public Interest (6) of the Directive states that the “competent Entities (“PIEs”). authority6 shall be transparent. This shall include the publication of annual work programmes and activity reports” Article 28 of the regulation expands on this requirement and outlines that competent authorities shall at least publish: (a) annual activity reports regarding their tasks under the Regulation 7; (b) annual work programmes regarding their tasks under the Regulation; (c) a report on the overall results of the quality assurance system on an annual basis. This report shall include information on recommendations issued, follow-up on the recommendations, supervisory measures taken and sanctions imposed. It shall also include quantitative information and other key performance information on financial resources and staffing, and the efficiency and effectiveness of the quality assurance system; (d) the aggregated information on the findings and conclusions of inspections. Member States may require the publication of those findings and conclusions on individual inspections. Further, section 30c of the Directive (“Publication of sanctions and measures”) requires that: (i) Competent authorities shall publish on their official website administrative sanctions imposed for breach of the provisions of the Directive or Regulation in respect of which all rights of appeal have been exhausted or expired and the person informed of that decision. 5 IFIAR Core Principles (www.ifiar.org) 6 The term “competent authority” under the Directive “means the authorities designated by law that are in charge of the regulation and/or oversight of statutory auditors and audit firms or of specific aspects thereof”. 7 Oversight tasks include (i) approval and registration of auditors and audit firms (ii)adoption of standards (iii) continuing professional education; and (iv) quality assurance, investigative and administrative disciplinary systems 4 Details should include information about the person responsible for the breach and the nature of the breach. However, competent authorities shall publish details of the sanctions on an anonymous basis in certain cases8.The competent authority shall ensure that the publication of sanctions does not violate the right to respect private and family life and the right of protection of personal data. In addition, section 30f of the Directive states that the annual overview of all sanctions imposed and administrative measures taken by the competent authority shall be communicated to the Committee of European Auditing Oversight Bodies (CEAOB), which will include this information in its annual report. 8 30(c)(2) EU Audit Directive 5 FOCUS 1: APPROVAL AND REGISTRATION OF EXTERNAL AUDITORS Registration is a fundamental requirement for audit firms that are involved with the statutory audits of public interest entities (“PIEs”) and subjects them to the regulatory purview of the AOBs. AOBs typically disclose registration statistics In the US, PCAOB Rule 2100 provides for auditors and audit firms for the current year for the “registration of each public ended and prior years in their annual reports. This accounting firm that (i) prepares or disclosure is important from the perspective of issues any audit report with respect to determining the basic nature and size of the audit any issuer, broker, or dealer; or (ii) market and would also be useful in identifying plays a substantial role in the concentration risk. However, it is to be noted that preparation or furnishing of an audit registration is a task that is sometimes not done report with respect to any issuer, broker, or dealer”. directly by the AOB’s but delegated to the professional accountancy organizations. In the case of Germany, for example, the professional register is held by the Chamber of Public Accountants. A recent paper by Accountancy Europe indicated that responsibilities for registration of both PIEs and non-PIEs auditors have been delegated in half of the EU member states9. Figure 1: US Public Company Accounting Oversight Board (“PCAOB”) registration statistics 10 9 Accountancy Europe “Member States’ implementation of new EU audit rules” 10 PCAOB Annual Report 2016 6 We noted that certain AOBs supplement the disclosure of registration statistics and data with additional valuable information and commentary on the audit market, such as that provided by the Malaysian AOB, 11 which provides insights into key statistics of the top ten audit firms. This includes information on average years of experience, audit staff level by total headcount, and number of training hours for audit staff. As can be observed from the Figures 4 and 5, these provide considerably more useful information pertaining to the audit market and can be used to develop benchmarks to identify trend over time, identify improvement opportunities or to help design audit quality indicators. They can also be used to strengthen registration requirements or to guide inspections. Figure 2: Number of license renewals granted in 2016 by Swiss Federal Oversight Audit Authority (“FAOA”)12 Figure 3: Registration of audit firms and individuals by the Malaysian AOB 11 https://www.sc.com.my/general_section/audit-oversight-board/ 12 FAOA Annual Report 7 Figure 4: AOB Malaysia - average number of training hours incurred 13 Figure 5: AOB Malaysia - average years of experience for audit practice staff 14 Nearly 100% of our surveyed respondents reported disclosing approval and registration details in their reports. 13 Source: AOB Analysis – Top 10 Audit Firms in Malaysia 14 ibid 8 FOCUS 2: ADOPTION OF STANDARDS A rigorous audit process executed in accordance with robust standards has been recognized as a fundamental element of audit quality. Audit oversight bodies typically have responsibility for adoption of standards on professional ethics, internal quality control, and audit performance. For example, in the US, section 101 (“establishment, administrative provisions”) of the Sarbanes Oxley Act (“Act”) requires the PCAOB to “establish or adopt, or both, by rule, auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers”. Section 103 of the Act also prescribes that the PCAOBs annual report should include (i) the results of its standard setting responsibilities (ii) discussion of its work with other stakeholders; and (iii) pending issues related to future standard setting. However, in some jurisdictions AOBs can choose to delegate this task, related to the adoption of standards, to professional accountancy organizations. In the EU, for example, as per Article 24 of the Regulation, AOBs can delegate tasks to As per the EU Regulation the adoption other authorities or bodies provided that (i) there of standards may be delegated by is an express delegation by the AOB specifying the AOBs to professional accountancy delegated tasks and specifying the conditions organizations for both PIEs and non- under which these are to be carried out; and (ii) PIEs. issues pertaining to conflicts of interest must be addressed prior to the delegation. When responsible for this function, AOBs typically involve a variety of stakeholders, including academics, investors, auditors, other standard setters, during the standard setting process. They can also use the results of their own inspection activities as inputs into this process. Box 1: Elements consistently reported in reporting for standard setting 1. commentary on the standard setting process; 2. a description of new standards adopted during the year; 3. details of any proposed standards and/or amendments for future years; and 4. details of interaction with the International Auditing and Assurance Standards Board (e.g. comment letters issued). 5. differences between local and international standards on auditing 9 This reporting, related to the adoption of standards, is therefore, an important tool for AOBs to provide information related to addressing current issues in auditing practices, consultations carried out for the development of new auditing standards, assessing the impact of new standards and expanding outreach to key national and international stakeholders. Recent focus by AOBs has been on developments regarding the new auditors’ report, the auditors’ use of specialists, and the auditor assessment of an entity’s ability to continue as a going concern, which is a key issue in assessing the fairness of financial reporting. Further, some AOBs highlight guidance materials developed to help auditors in applying audit standards. The FRC, UK for example provides “Our aim is to help drive up standards detailed information on the fit for purpose across the whole spectrum of audit practice notes it develops to support the delivery and assurance work, and to provide of high quality audits. These include those support which is helpful to auditors pertaining to audit of charities, housing working in complex areas whether associations, insurers, etc. 15 they are from the “Big Four”, mid-tier, This constituted an area with divergence in smaller firms or the public sector” FRC, UK “Developments in Audit practices for the purposes of our survey, with most 2016/2017 respondents reporting not including information related to standard setting in their reporting. However, this was primarily since in many jurisdictions the standard setting role was discharged by other authorities. 15 https://www.frc.org.uk/auditors/audit-assurance/standards-and-guidance/practice-notes 10 FOCUS 3: INSPECTIONS AND ENFORCEMENT ACTIONS/SANCTIONS A primary purpose and effect of independent public oversight of auditors is to drive improvements in audit quality through a robust inspections process. This has been studied for example by Carson, Simnett, Vanstraelen 16 who found that “level of abnormal accruals is significantly lower for companies domiciled in countries where independent inspections of audit firms are conducted and in IFIAR member countries. This suggests that audit quality is stronger in countries where a national independent inspection regime is in place as well as in IFIAR member countries, where the public oversight board is bound by a number of requirements that are expected to lead to an improved audit environment”. They also found that the level of abnormal accruals was significantly lower in the period after the introduction of inspections compared to the pre-inspection regime. This provided evidence that audit quality improved after implementing public oversight and conducting inspections. Thus, inspections is one of the most critical elements of the auditor oversight process. A key challenge that policy makers grapple with relates Recently, the FRC, UK has also faced to maintaining the right balance between (i) criticism after the bankruptcy of the enhanced transparency; and (ii) confidentiality of construction firm Carillion, plc. Stakeholders raised concerns as to inspection findings. The 2015 report by why investors were not aware that Accountancy Europe on “Organization of the the company was under FRC Public oversight of the audit profession in 23 monitoring. The FRCs position was European countries” 17 highlights this. While the that it was unable to warn investors Netherlands and the United Kingdom published of its concerns due to confidentiality both individual firm quality review results as well requirements built into legislation. as information and decisions on disciplinary measures and sanctions on a named basis; France, Belgium and Austria presented the overall results of the inspection process and information on disciplinary measures and sanctions was presented on an anonymous basis. Publishing individual firm inspections information enhances disclosure regarding audit firm quality and enables users such as investors to assess the quality of corporate financial information. Audit committees can leverage this additional information to effectively discharge their role in the selection and evaluation of audit firms, while the publication of this information may also spur improvements in audit quality through engendering enhanced competition amongst audit firms. However, publication negatively harms the firm’s 16 Carson, Elizabeth and Simnett, Roger and Thuerheimer, Ulrike and Vanstraelen, Ann, The Effect of National Inspection Regimes on Audit Quality (September 27, 2017). Available at SSRN: https://ssrn.com/abstract=3049828 or http://dx.doi.org/10.2139/ssrn.3049828 17 https://www.accountancyeurope.eu/wpcontent/uploads/1506_Public_Oversight_Survey_third_publication. pdf 11 reputation with the potential for loss of confidence in the audited financial statements themselves and resultant negative capital market reactions. Further, public release of individual firm inspection information can significantly enhance litigation risk for auditors and in some cases even for oversight bodies18. Box 2: Relevant extracts from PCAOB Rules & Sarbanes Oxley Act Rule 4009: The portions of the Board's inspection report that deal with criticisms of or potential defects in quality control systems that the firm has not addressed to the satisfaction of the Board shall be made public by the Board… Rule 4010: The Board may, at any time, publish such summaries, compilations, or other general reports concerning the procedures, findings, and results of its various inspections as the Board deems appropriate. Such reports may include discussion of criticisms of, or potential defects in, quality control systems of any firm or firms that were the subject of a Board inspection, provided that no such published report shall identify the firm or firms to which such criticisms relate, or at which such defects were found, unless that information has previously been made public in accordance with Rule 4009, by the firm or firms involved, or by other lawful means. 104 (g) A written report of the findings of the Board for each inspection under this section, subject to subsection (h), shall be— (2) made available in appropriate detail to the public (subject to section 105(b)(5)(A), and to the protection of such confidential and proprietary information as the Board may determine to be appropriate, or as may be required by law), except that no portions of the inspection report that deal with criticisms of or potential defects in the quality control systems of the firm under inspection shall be made public if those criticisms or defects are addressed by the firm, to the satisfaction of the Board, not later than 12 months after the date of the inspection report. 105 (7)(d) (1) If the Board imposes a disciplinary sanction, in accordance with this section, the Board shall report the sanction to— (C) the public (once any stay on the imposition of such sanction has been lifted). (2) The information reported under paragraph (1) shall include— (A) the name of the sanctioned person; (B) a description of the sanction and the basis for its imposition; and (C) such other information as the Board deems appropriate. 18 Where officers of oversight bodies may not be legally protected for actions carried out in good faith. 12 In the US, the PCAOB prepares a report on each inspection of a firm and makes portions of each report publicly available, subject to statutory restrictions on public disclosure. In general, the PCAOB provides the public with a high-level description of deficiencies found in particular audits (without identifying the audited entity by name), but does not publicly report quality control deficiencies identified in the inspection unless the auditor fails to remediate them within a specified time. This threat of publication unless deficiencies are remediated can in itself be used to drive improvements in audit quality. In 2016, the PCAOB issued 215 reports on inspections of individual firms. Relevant PCAOB rules and governing laws are excerpted in Box 2. In Canada, the CPAB’s public reports includes common inspections findings and questions for audit committee consideration to encourage more robust discussions among management, the firm and audit committees and to support audit committees in their oversight responsibilities. At the conclusion of the firm inspection, CPAB also meets with firm leadership to discuss the overall inspection results and then issues its inspection report (a private communication between CPAB and the firm). The inspection report includes a summary of the findings, as well as recommendations to improve audit quality. Each firm shares their file- specific significant inspection findings(private), and CPAB's public inspections report, with their clients' audit committees as per their participation in the Protocol for Audit Firm Communication of CPAB Inspection Findings with Audit Committees (Protocol). Box 3: Elements consistently reported in the area of inspections 1. Details of the inspection selection process and inspection cycles; 2. the number of inspections conducted; 3. aggregated information on inspections and trend wide analysis of inspection findings; 4. key areas of inspection focus. In the United Kingdom the FRC has been designated as the competent authority for audit regulation and is responsible for ensuring audit quality of statutory auditors and audit firms of PIEs and certain other entities. Monitoring of all others has been delegated to Recognized Supervisory Bodies. The FRC publishes its annual report, annual plan and budget on an annual basis. Individual firm quality review results are published, as well as information and decisions on disciplinary measures and sanctions. The FRC also issues reports to audit firms and audit committees which includes an assessment of the audit work performed using the audit quality categories of (i) good (ii) limited improvements required (iii) improvements required; and (iv) significant improvements required. The FRC also presents audit inspection findings analyzed 13 along different areas of audit testing with common themes and weaknesses discussed (Figure 7). Figure 6: Inspection findings overview by FRC UK Figure 7: Analysis of audit inspection findings by FRC UK International Standard for Quality Control 1 19 (“ISQC 1”) outlines a firm’s responsibilities for its system of quality control for audits and reviews of historical financial information and other assurance related services engagements. ISQC 1 requires the firm to establish a system of quality control designed to provide it with reasonable assurance that the firm including its 19 “Quality Control for firms that perform audits and reviews of financial statements and other assurance and related service engagements” 14 personnel comply with all relevant professional standards and regulatory and legal requirements and that the reports issued by the firm are appropriate in the circumstances. It outlines the elements for a system of quality control at the firm level and which include (i) leadership responsibilities (ii) engagement acceptance and continuance (iii) engagement performance (iv) ethical and independence requirements (v) human resources; and (vi) monitoring and documentation. Certain AOBs (i) group inspection results along these ISQC 1 elements, and present their inspection findings segregated between large and small audit firms (Figure 7). Segregating findings along ISQC 1 themes makes it easy to identify the particular element(s) of audit quality which have led to deficiencies and for remedial efforts to be focused in these areas. It is pertinent to mention that the International Federation of Independent Audit Regulators (“IFIAR”) survey of inspection findings also presents survey findings based on the different elements of ISQC 1 (Figure 10). Figure 8: AOB Malaysia - number of Major Audit Firms with findings in the six elements of ISQC 1 in 2016 20 Figure 9: FAOA - type and number of findings from the 2016 file reviews at the five largest audit firms (total 38 Findings) 20 Source: AOB 15 Figure 10: IFIAR Survey of Inspection Findings 2017 21 Publication of disciplinary sanctions Where individual disciplinary sanctions are published they usually include details pertaining to (i) the firm or individual sanctioned, (ii) the nature of the violation; and (iii) the sanctions imposed (Figure 9). The PCAOB provides very detailed orders in both settled and litigated disciplinary cases, to give a very clear view of the fact patterns and the audit or other deficiencies 22. Figure 11: Cases concluded in the current period by FRC UK 23,24 21 www.ifiar.org 22 Available at https://pcaobus.org/Enforcement/Pages/default.aspx 23 FRC Developments in Audit 24 Original footnote 61: FRC announced the closure of this investigation on 5 June 2017. The Executive Counsel concluded that there was not a realistic prospect that a Tribunal would make an Adverse Finding against PwC LLP and certain Members in respect of the matters within the scope of the investigation. https://www.frc.org.uk/Newsand-Events/FRC- Press/Press/2017/June/Closureof-investigation-into-heconduct- of-membe.aspx 16 17 FOCUS 4: AUDIT QUALITY INDICATORS Audit quality indicators (AQIs) refers to a set of indicators designed to measure audit quality and provide a basis for comparison across different audits and audit firms. AQIs seek to increase transparency around the audit process also provide a means for audit committees and AOB’s to gauge the quality of audits and provide valuable and pertinent information for their activities. There has been considerable interest recently around the topic of AQIs including initiatives by the PCAOB 25, the Center for Audit Quality in the United States26 as well as by the CPAB 27. In Singapore, the Accounting and Corporate Regulatory Authority (ACRA) introduced an Audit Quality Indicators Disclosure Framework (the “AQI Framework”) consisting of eight quality indicators for voluntary adoption by the audit committees of all listed companies in Singapore. The indicators relate to audit hours, experience, training, inspection, independence, quality control, staff oversight, attrition rate. Accountancy Europe in its July 2016 publication “Overview of Audit Quality Indicators Initiatives” provides a useful summary of organizations that are implementing AQI initiatives in their respective jurisdictions (Figure 12). Certain jurisdictions such as the UK now also require Audit Committees to report on how they have assessed the effectiveness of their external audit process and AQIs can be invaluable in this regard. That AQI’s have significant potential to positively impact audit quality have also been borne out by studies carried out by audit oversight bodies such as CPAB which have run AQI Pilot projects28 and which suggests that the use of AQIs could provide several additional benefits to improve audit quality including through (i) “a better understanding of management, audit committee and external auditor expectations of their roles in the audit and responsibilities related to audit quality, particularly as a result of discussions about how to evaluate AQIs and what benchmarks should be set; and (ii) an improvement in the knowledge of, and engagement in, the audit process and audit quality by all members of the audit committee”. Box 4: Elements consistently reported in the area of Audit quality indicators 1. Description of any pilot projects planned to study the use of AQIs; 2. a description of how audit quality indicators are being used by the AOB e.g. for inspection planning and risk assessment; and 3. quantitative information on AQI’s (refer to example from the Federal Audit Oversight Authority (FAOA) from Switzerland in Figure 12). 25 PCAOB Concept Release on Audit Quality Indicators July 01, 2015 26 CAQ Approach to Audit Quality Indicators 27 2016 Audit Quality Indicators Pilot Project Interim Report 28 CPAB 2016 Audit Quality Indicators Pilot Project Interim Report 18 Figure 12: Overview of AQIs through different initiatives Figure 13: ACRA’s targets for selected AQIs 19 The FAOA utilizes quantitative indicators to gather information from the five largest audit firms. The FAOA utilizes these indicators for inspection planning, risk assessment, trend analysis and the prompt identifications of any factors that may impair audit quality. It supports the use and sharing of AQIs as a means of promoting audit quality and fostering competition amongst audit firms. Figure 14: FAOA Comparison of selected performance indicators relating to the audit function of the five largest state regulated audit firms A majority of our survey respondents reported that they either already did report or planned to report audit quality indicators going forward. 20 FOCUS 5: INTERACTION WITH AUDIT COMMITTEES Audit Committees can play a critical role in building an appropriate framework for corporate governance and for high-quality external audits; this requires that its members have the right skills and experience, and have a good understanding of internal controls, internal audit, and external audit systems. Audit Committees are typically responsible for monitoring the integrity of the financial statements; making recommendations for the appointments, reappointments and removal of external auditors; reviewing and monitoring the external auditor’s independence and objectivity; and overseeing the overall effectiveness of the audit process 29. “I feel passionate about audit committees. For some of you, this might be the first time you have ever heard someone associate passion with a board function. But, I believe qualified, committed, independent and tough-minded audit committees represent the most reliable guardians of the public interest. There is no reason why every company in America shouldn't have an audit committee made up of the right people, doing the right things and asking the right questions. Only audit committees and CFOs can effectively ask if their auditors are truly independent. Only audit committees can ask everyone – including CEOs, financial executives and the independent auditors – if high standards are losing out to questionable practices. You don't have an obligation to a Wall Street number. You don't have an obligation to meet some arbitrary internal target. But, you do have a clear obligation to every shareholder that has invested his or her trust and future in your company”. — Speech by Arthur Levitt, Chairman, U.S. Securities & Exchange Commission to the Financial Executives Institute, New York, New York 30 The role of Audit Committees has also been discussed extensively in the EU Audit legislation. The Directive requires Member States to ensure that each Public Interest Entity has an Audit Committee and outlines the Committee’s responsibilities for (i) monitoring the financial reporting process (ii) the effectiveness of the company's internal control, internal audit and risk management systems (iii) monitoring the statutory audit of the annual and consolidated financial statements; and (iv) reviewing and monitoring the independence of the statutory auditors. The Regulation also includes provisions that emphasize Audit Committee oversight 29 UK Corporate Governance Code 30 http://www.sec.gov/news/speech/speecharchive/1998/spch227.htm 21 including over monitoring the level of audit fees, the provision of non-audit services, appointment of statutory auditors and monitoring auditor independence. The Directive (Article 39.1) prescribes requirements related to the constitution of the Audit Committee, including that: i. The Audit Committee shall be composed of non-executive members of the administrative body and/or members of the supervisory body of the audited entity and/or members appointed by the general meeting of shareholders of the audited entity or, for entities without shareholders, by an equivalent body. ii. At least one member of the audit committee shall have competence in accounting and/or auditing. iii. The committee members as a whole shall have competence relevant to the sector in which the audited entity is operating. iv. A majority of the members of the audit committee shall be independent of the audited entity. The chairman of the audit committee shall be appointed by its members or by the supervisory body of the audited entity, and shall be independent of the audited entity. There has also been an enhanced focus on the interaction between Audit Committees and AOBs as effective communication between them improves audit quality through the effective oversight of the external auditor’s work. They constitute one of the most important stakeholders of the AOB and play a complementing role to its activities. AOBs’ inspection results and assessments of risks can provide key information to Audit Committees to help them discharge their responsibilities effectively. The AOBs also benefit from insights into the functioning of Audit Committees and the nature of their engagement with and evaluation of the work of external auditors. “Currently, it’s difficult for audit committees to differentiate among audit firms based on quality. There is little line of sight or transparency to the audit committee regarding quality audit work. Audit committees therefore assume that all audit firms comply with the standards and deliver good work. They rely on the regulator’s inspections to ensure quality. They focus their attention on other visible factors, like the people they interact with, the fees they pay and the level of service they receive”. — Remarks by Brian Hunt, former CEO CPAB, Symposium for Accounting Academics and Educators: Critical Perspectives, The Auditor of the Future 22 Box 5: Elements consistently reported in reporting vis-a-vis Audit Committees 1. Nature of interaction with and outreach to Audit Committees; 2. Commentary on AOB activities as inputs to Audit Committee assessments of audit quality; 3. Results of any survey of Audit Committees on audit quality and guidance material prepared. However, for most of our surveyed REPARIS/STAREP countries no such information is disclosed with one of the main reasons being the absence of a mandatory requirement for the existence of Audit Committees in these jurisdictions. 23 ANNEX: KEY SURVEY RESULTS FOR EU-REPARIS AND STAREP COUNTRIES Chart 1: Key Yes/No Results Approval and Registration information 11 1 Information related to the standard setting 6 6 Engagement with Audit Committees 9 3 Audit Quality Indicators reflected 5 4 3 Presentation of trends in inspection 7 yes or planned 5 findings Presentation of trends in inspection 7 5 findings Inspection findings segregated between 3 7 2 large and small audit firms Outcomes of Inspections published 10 2 Yes No Planned Chart 2: Inspections results published in aggregate or firm by firm basis Not published 3 Both 3 Firm wise 2 Aggregate 4 24