A new report issued by an independent U.K. committee convened to review just about every facet of the audit function—from internal controls to internal audit to the independent assurance function offered by the Big Four and others—is urging a complete overhaul of the audit process.
The Brydon Report, issued today, comes in the wake of some high-profile public company collapses in the United Kingdom, including construction company Carillion, retailer BHS, and travel firm Thomas Cook, and was overseen by former London Stock Exchange chairman Sir Donald Brydon. It is titled, “Assess, Assure, and Inform: Improving Audit Quality and Effectiveness,” and runs a full 138 pages.
“Audit is in need of urgent reform if we are to increase confidence in business and increase the chances of preventing unnecessary corporate failures,” Brydon said in a statement announcing the report.
The Brydon Report calls for a massive shakeup of the external audit industry, including the separation of audit from accountancy, with a specific license to operate; a redefining of audit’s purpose and mission; the creation of a new audit regulating body, known as the Audit, Reporting, and Governance Authority; a requirement for audit firms to look for fraud and abuse during engagements, and for additional training for auditors in forensic accounting and fraud detection. Brydon’s review, based on more than 120 submissions from industry experts and more than 150 stakeholder meetings, implores a redefinition of audit, reinforcing its role as a public interest function.
Internal Audit Reforms
While the report focuses on the independent audit function, it does include several recommendations for reforming the internal audit function as well. Among those is the adoption of a new Internal Audit Code of Practice, which is expected to be issued next month.
“Audit is in need of urgent reform if we are to increase confidence in business and increase the chances of preventing unnecessary corporate failures.”
—Sir Donald Brydon, author of the Brydon Report
The new code, which is based on the Chartered Institute of Internal Auditors’ code for the financial services industry issued in 2013, is expected to contain 38 recommendations to increase the effectiveness of internal audit functions at U.K. companies. According to the Chartered IIA, among them are likely to be:
- Unrestricted access for internal audit. Internal audit should not be stopped from looking at any part of the organization it serves.
- Full access for internal audit to senior meetings. Internal audit must have the right to attend board and executive committee meetings.
- Full access for internal audit to key management information. Internal audit must have timely access to key management information.
“We believe the Brydon recommendations strengthening the requirements on company directors in relation to governance, risk and internal controls should help to raise corporate governance standards,” said Ian Peters, chief executive of the Chartered Institute of Internal Auditors. “Strong, effective and well-resourced internal audit functions have a central role to play in supporting boards to step up to the plate and meet these enhanced responsibilities.
The Brydon Report also calls for greater collaboration between the internal audit and external audit processes. “Whilst there are limits to the reliance that external auditors may wish to place on the work of internal audit, the external and internal auditors should meet to share all relevant information at the start of setting the audit plan and assessing the environment in which an audit is to take place,” the report states.
A U.K. Version of SOX?
Included in the Brydon recommendations is a strengthened framework around internal controls, including a U.K. version of reporting requirements on internal controls similar to those included in the U.S. Sarbanes-Oxley Act (SOX). “Serious consideration should be given to the case for a strengthened framework around internal controls within U.K. companies, learning relevant lessons from the United States experience of implementing and operating the 2002 Sarbanes-Oxley Act,” the report states.
A U.K. version of SOX might include requirements for:
- Signed attestation by the CEO and CFO to the board that an evaluation of the effectiveness of the company’s internal controls over financial reporting has been completed and whether or not they were effective.
- The failure of relevant controls in the 12 months prior to the attestation or in the 12 months following should result in a requirement for future statements to be audited for a period of three years following the failure.
- Where weaknesses or failures in controls have been reported, it should become an obligation on directors to report on what remedial actions have been taken and on their effectiveness.
The recommendations of the Brydon report, along with other reports that have come in the wake of the U.K. corporate failures, will now be considered by U.K. legislators and still face many hurdles to becoming enacted.
“Now Brydon has reported, we would also like to see the government accelerate reform of the audit regulator, speeding up the legislation required to establish and put the new Audit, Reporting, and Governance Authority on a statutory footing, with the powers and authority it needs to do its job properly,” says Chartered IIA’s Peters.
With the intense heat on U.K. government officials to do something in the wake of such immense company failures, expect some reforms to become law. Still, don’t expect the powerful Big Four to easily commit to such vast changes to their overall structure and business. Just how sweeping final regulations will be is still anyone’s guess.
Joseph McCafferty is Editor & Publisher of Internal Audit 360°
Interesting. Thank you for sharing. I hope whatever reform related to internal Audit, considers the substantial work published in Sawyers 7th Edition, Enhancing and Protecting organizational value. As one of 10 contributing authors from around the globe we spent 2 years creating this entirely new book through the Internal Audit Foundation of the IIA. In the book it describes 5 generations of services and products produced by the industry. Two from the past, One largely reflective of today and two that are aspirational of what value could come from tomorrows internal audit services.