Auditors defend themselves after audit flaws made public

Auditors have defended their work after the Audit Inspection Unit published
in-depth performance reports on individual firms for the first time.

The AIU, part of the Professional Oversight Board within the Financial
Reporting Council, said the top seven audit firms’ practices were generally
acceptable, but the reports also highlighted a collection of flaws.

Ernst & Young
In its response to the AIU’s review Ernst & Young said it hoped the
criteria on which auditors are judged in public reports would ‘develop over
time’. It added it would ‘continue to work closely’ with the AIU.

The firm made the comments after the AIU said its audit services were
‘generally good or acceptable’ but added that there was room for improvement in
areas including the independence of some of non-audit services and risk

The unit’s review of 10 E&Y audits carried out between June 2007 and
February this year gave a broadly positive report, but found a number of areas
where there was room for improvement.

The AIU said: ‘We considered there was insufficient evidence on file for one
of the
audits we reviewed to demonstrate that proper consideration had been given to
the possible threats to the firm’s independence and objectivity arising from a
tax audit partner who also provided tax advice to his audit client.’

Auditors are required to identify and assess the risk of clients’ financial
statements being materially misstated. In half of the E&Y audits reviewed,
the AIU believed there was room for improvement.

‘We identified areas for improvement particularly concerning the
identification of significant risks or the evidencing of the evaluation of the
design and implementation of the related controls,’ the AIU said.

Accountants responded after the AIU put individual reports into the public
domain today. The AIU has traditionally kept its previous reporting on auditors
anonymous, but it has now rolled out reports on each individual firm.

PricewaterhouseCoopers , the UK’s biggest audit firm has ‘appropriate policies
and procedures’ in place to deal with its audit clients, but has several issues
to improve on going forward, the AIU said.

The AIU found that the firm has made significant efforts at improvement since
last year’s private report, but raised a number of concerns.

Two FTSE 100 audits were not overseen by PwC’s technical department prior to
issue, although they were reviewed independently.

Internal specialists such as tax partners involved in the audit were rewarded
for selling non-audit services to clients. The AIU believes this is could be
against professional ethical standards.

On one audit, the auditors used internal audit staff to perform ‘limited’
external audit procedures for the external audit team. In the AIU’s view it may
be inconsistent with ethical standards.

‘In our view, the underlying principles of the ethical standards would
indicate that they should be treated in the same way as other audit partners who
are responsible for key audit decisions.’

The firm must demonstrate ‘more clearly’ the extent to which remuneration is
based on considerations of audit quality, the AIU added.

PwC’s response said that the AIU’s report supported the reliability of its
audit opinions, but was concerned that its length and its tone made it difficult
for readers to understand the ‘overall positive conclusion’.

It disagreed with the AIU’s comments on the remuneration of key audit
partners, and was satisfied with how it worked with internal auditors.

In the case of KPMG the AIU reviewed 14 of its audits and said it was
‘generally satisfied’ with the outcome.The AIU praised KPMG’s commitment to the
quality of audit and found it a ‘prominent feature of the firm’s strategy’.

However, KPMG was told it failed to hold enough evidence on file to
demonstrate it has properly analysed and evaluated all the relevant procedures
‘underpinning key audit judgements’, according to the AIU.

The report added: ‘The quality of audit evidence on file did not always
reflect the extent of partner involvement in the resolution of key audit issues
or the thoroughness with which these matters were addressed.’

This was the harshest remark from the inspector in what was otherwise a
satisfactory report for KPMG.

The probe also said the firm had failed to keep enough evidence backing the
use of third-party experts as part of an audit.

In its response to the AIU, KPMG said: ‘While we acknowledge that audit
documentation can always be improved, and we will continue to strive to do so,
this is a key area where judgement is required.

‘It is vital that the public reporting in this area remains balanced – too
much emphasis on excessive levels of documentation will result in a tick box
approach which, in our view, will undermine the very objective we are striving
for – ever increasing audit quality.’

BDO Stoy Hayward
The AIU probed five BDO Stoy Hayward audit engagements. These related to FTSE
250, other listed and other major public interest entities with financial year
ends between December 2006 and May 2007.

The AIU said that BDO’s audit work was generally performed to a ‘good or
acceptable standard,’ but the body said there was a question as to whether BDO’s
auditing of stock had obtained ‘sufficient audit evidence.’

‘In two audits, both of which related to an entity in a sector where stock is
significant, we considered that the audit strategy regarding the audit of
completeness, existence and accuracy of stock was unclear and that, in certain
respects, it was not clear from the audit files whether sufficient audit
evidence had been obtained,’the AIU said.

‘In three cases where analytical procedures were performed to obtain audit
evidence, audit expectations and acceptance thresholds were not sufficiently
established or justified,’ the AIU added.

BDO hit back at the claims. It said: ‘Although the report notes that certain
aspects of our work required signficant improvement, principally regarding the
audit of stock, the AIU has confirmed to us that it was clear that significant
audit effort had been directed towards this area.

‘The findings related primarily to documentation and we acknowledge the
specific improvements required although we would not regard the matters as being
unduly significant.

The firm also said it was important that going forward, the AIU’s reviews
were carried out on a consistent basis.

In PKF’s case, the AIU reviewed 5 audits related to listed and other major
companies with financial year ends between December 2006 and August 2007.

‘Overall, in our view, the firm has in place policies and procedures in all
relevant areas which are subject to our review that are appropriate for its size
and the nature of its client base, the AIU said. However, we have highlighted
certain areas for improvement in this report.

In terms of overall sufficiency of audit evidence, the AIU raised
‘significant concerns’ on audit review:

‘We had significant concerns about aspects of one of the audits that we
reviewed.In our view, there was insufficient evidence on the audit file to
support certain amounts and disclosures in the financial statements and material
late adjustments to the financial statements.’

The AIU was also critical of PKF’s group reporting efforts.
‘Three of the five audits that we reviewed were international group audits and,
in each case, we had certain concerns regarding the group audit work.

These included but ‘were not limited to significant matters reported by the
subsidiary auditors not appearing to have been adequately considered (2 of the 3
audits); certain information requested from the subsidiary auditors was not
provided to the group audit team (1 of the 3 audits); some or all of the
subsidiary auditors reported under local standards, with no evidence on file
that compliance with the additional requirements of UK standards had been
considered (2 of the 3 audits),’ the AIU said.

PKF said it welcomed the AIU report which said the firm had policies and
procedures in the relevant areas in place, but PKF also recognised that
continuous improvement was needed.

In this context the AIU has identified certain areas for improvement in our
procedures. We confirm that these issues have already been addressed.’

Deloitte has been issued with a balanced report of its audit business, however
two individual audits required ‘significant improvement.’

Reviews of 14 individual audits were conducted, and based on this assessment,
the FRC classed Deloitte’s audit work as being ‘generally performed to a good or
acceptable standard’, and in relation to one FTSE 100 entity, to ‘a very good

The AIU said Deloitte had proved its commitment to quality evidenced through
its consistency of approach.

Despite this, two audits reviewed – relating to two unlisted companies
required ‘significant improvement in certain areas.’

In a letter of response to the report findings, Vince Niblett, managing
director of audit at Deloitte, said it provides ‘a balanced view of the results
of their inspection, and we are therefore pleased to record our agreement with
its overall conclusions and findings.’

Grant Thornton
Grant Thornton was given a satisfactory report by the AIU.

The firm, which during the period covered merged with RSM Robson Rhodes, was
commended on maintaining a high level of quality in its work throughout the

But the AIU was critical of Grant Thornton’s rotation policies, which it felt
fell short of best practice.

GT does not require rotation of the engagement partner on audits of unlisted
public interest entities, a stance the AIU questioned. Partners’ involvement in
audits as they climb in seniority is not aggregated, a practice the AIU noted
was under review. The rotation issue, the AIU said, can be clarified by GT’s use
of a single rotation database in order to satisfy ethical concerns.

The AIU did find that GT had taken into account the inspectors’ previous
recommendations and had delivered significant improvements in the areas of risk
assessment and fraud prevention.

Responding to the report, GT noted none of the AIU’s recommendations resulted
in a change of audit opinion.

Phil Crooks, Head of Assurance said: ‘While the report did identify that
there was scope for improvement in certain areas of two audits, the comments
related principally to documentation.

‘Given that the review was of audit work undertaken in late 2006 and early
2007, we have already developed and implemented additional guidance, updated our
operating and monitoring programmes and enhanced our training programmes. None
of their comments caused us to change our audit opinion.’

In the past, the AIU issued an annual public report in which the principal
findings arising from its inspections of the major audit firms in the UK were
dealt with on an anonymous and aggregated basis.

The AIU stressed that all of these reports were subject to limitations.

These included findings reported for each firm in any one year reflecting a
wide range of factors, including the number, size and complexity of the
individual audits selected for review by the AIU which, in turn, reflects the
firm’s client base.

An issue reported in relation to a particular firm might also apply to other
firms without having arisen in the course of the AIU’s inspection fieldwork at
those other firms in the relevant year.

‘Only a small sample of audits are selected for review at each firm and the
findings may therefore not be representative of the overall quality of each
firm’s audit work.’

The Public Oversight Board undertook to publish all the reports for the
2007/8 cycle of inspections on a single date. The fieldwork at each firm is
completed at different times during the year and comprehensive quality control
procedures are applied before the AIU’s private and public reports are

As a result, there is necessarily a significant period of elapsed time
between completion of the AIU’s inspection fieldwork at firms and the
publication of reports on the inspection findings.

Further reading:

seven AIU reports webpage

Related reading