Improvements in the corporate governance code and a new regulator could provide the impetus for auditors to take a bigger role in fraud detection, though commentators are split over how meaningful the changes will be
When Andrea Leadsom called for action after corporate collapses at Carillion, BHS, Thomas Cook and Patisserie Valerie, much was expected of an imminent government response.
In October 2019, the then business secretary said: “Where legislation is required, as with reform to the audit market, the government remains committed to legislating as soon as parliamentary time allows.”
There was initial high expectation of improving auditors’ responsibility for fraud detection, to prevent another Patisserie Valerie-style collapse, where a £40m black hole was discovered in the accounts of the £450m listed cake shop chain the previous year.
“Patisserie Valerie pushed the issue of auditor responsibility [for fraud detection] to the fore after so many accounting scandals. A lot of energy went into the debate around making auditor responsibility a priority,” says Ilias Basioudis, associate professor of financial accounting and auditing at Aston Business School, and chair of the auditing special interest group of the British Accounting and Finance Association.
Things appeared to be moving in the right direction with a wide-sweeping consultation launched soon after by the Department of Business, Enterprise & Industrial Strategy (BEIS), now called the Department for Business and Trade.
How a new regulator, in the form of the Auditing, Reporting and Governance Authority (ARGA), superseding the FRC, could improve on the performance of its heavily-criticised predecessor, was included in the consultation process.
But despite its worthy aim of restoring public trust in how large UK companies are run, drawing over 600 responses, the government said respondents to the consultation were divided in their views on this issue and on how they treated it.
For example, reporting on fraud detection and reporting on the work done to assess relevant internal controls were often treated as two separate issues, the government said in a summary of responses.
The summary said: “respondents from a cross-section of stakeholder groups – business representative organisations, audit firms, professional associations, and limited companies – readily agreed that greater reporting from auditors on their steps to detect fraud would be helpful.”
The key players in the issue, the Big Four accountancy firms PwC, KPMG, EY and Deloitte, confirm that they responded to the consultation, but have given little away on the substance of their responses, especially on the issue of fraud detection.
Paul Stephenson, managing partner UK auditing and assurance at Deloitte, the only Big Four firm to comment, says: “We recognise that auditors have an important responsibility in identifying material fraud. As outlined in our 2021 response to the BEIS consultation, we support the reinforcement and clarification of the responsibilities of both directors and auditors in respect of the detection of fraud. The prevention and detection of fraud must be considered alongside the measures taken to strengthen the internal control environment, as these matters are closely linked.
“Meaningful reform of audit and corporate governance is ultimately going to require policy makers, auditors, regulators, directors and investors to work together and play their part in improving the system.”
KPMG’s response regarding the issue simply reads: “We are supportive of greater clarity of the responsibilities of directors and auditors in relation to the prevention and detection of fraud. We have recommended this is covered by the proposed new internal controls reporting.”
The nearest you can get to understanding PwC’s approach is a bland statement on the firm’s website. “We will continue to engage with BEIS and the regulator as they work through the next stage of developing the legislative and regulatory changes,” it reads. Challenger firms BDO and Grant Thornton also declined to comment.
When it comes to the institutes, the general opinion is that the momentum is in place for fraud to be addressed by ARGA in a more meaningful way than the FRC as its mandate will also include strengthening of companies’ internal controls through the Corporate Governance Code.
“The FRC is consulting on its ethical standards amid a broader landscape around economic crime that the government is taking forward at the moment,” says Laura Hough, director of trust and ethics at the ICAEW.
Key figures from the institutes say they have confidence in the future set-up, striking a pragmatic tone recognising major frauds are rare, and usually form only part of the story in examples of corporate collapse, and that the resourcing and potentially escalating costs of larger audits need to be kept in mind.
“Raising standards and improving audit quality requires further resource, and the availability of high quality resource is currently a challenge,” says Katharine Bagshaw, senior manager, auditing standards at the ICAEW.
With that in mind, Hough also argued that accounting firms are being strategic in how they deploy forensic accountants in audit planning meetings “to strengthen awareness of the risks of fraud and support assessment of fraud risk”.
Antonis Diolas, head of audit and assurance at ACCA, says the association was supportive of many aspects of the consultation. “There was talk about requirements for directors to state what they’ve done in terms of preventing and detecting fraud, leading to the relevant proposed amendments to the Companies Act 2006, which is a really important move by the UK,” he says.
Diolas says the UK moved ahead of the global trend to tackling fraud by revising UK standard ISA (UK) 240, “which brings greater focus on professional scepticism,” aligned to report statements “which need to state whether the audit was capable of detecting irregularities including those in relation to fraud”.
He also adds that “The International Auditing and Assurance Standards Board (IAASB) global standard on fraud is currently under revision, with some of the proposed revisions pre-empted by the UK standard.”
But while the institutes are sanguine about progress, the largest accountancy firms have been trying to thwart efforts by America’s Public Company Accounting Oversight Board to take more responsibility for tackling fraud at the companies they audit, according to a report by the Financial Times in July.
The FT claimed the firms are trying to sign up clients to oppose the US plan, which would widen auditors’ responsibility to scrutinise whether a company is complying with laws and regulations, and to communicate concerns to its board, on the basis that audit fees will rise sharply if the changes are passed through.
The issue of rising cost is a key consideration. “Most audits are much more rigorous and deeper than ever before, but also more expensive,” says a corporate leader who declined to be named.
Another hurdle in the way of developing auditor’s responsibility for fraud detection might be a lack of political will, says Richard Murphy, professor of accounting practice at the University of Sheffield Management School.
He says the appointment of Kwasi Kwarteng as chancellor in last year’s brief Liz Truss administration effectively killed momentum for the agenda, arguing that in the case of a general election win for Labour, a vast in-tray could stymy any progress.
“We are not going to be seeing change whatever happens, in the immediate future,” says Prof Murphy, who describes the plans for new standards on internal control in the consultation, as “a bit of a red herring”, as he says there has already been significant focus on this area.
Murphy also argues that artificial intelligence (AI) could pose dangers that have not been addressed in the BEIS consultation, arguing that it will “dramatically change the risk profile of companies and auditors because of the ability to generate false contracts with supporting documentation, false bank statements, false cash flows”.
At the moment, the only certainty from commentators is that ARGA will come into being, though it may not be in this parliament, says Bruce Cartwright, CEO of Scottish institute ICAS.
Newspaper reports last month said legislation needed to deliver the changes by 2024 were not expected to be covered in the King’s Speech in November.
Cartwright says the “direction of travel is good” with plenty of cross-party support for delivery of the new regulator. “It’s a question of timing, not if it will happen,” he says.
The concern for many though is that even with a new regulator in place, an opportunity to improve auditors’ responsibility for fraud detection may be lost for good.
