Aci Ec Audit Reform

7/28/2019 Aci Ec Audit Reform

1/14

EC Audit Reform

January 2012


2/14

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member

firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity.

All rights reserved

Introduction

Timeline and process

Audit-only firms

Mandatory audit firm rotation

Mandatory audit tendering

Restrictions on non-audit services

Audit committee requirements

Fee limits imposed on auditors

Audit report

Private report to the audit committee


3/14



All rights reserved

Introduction

The proposed Directive and Regulation issued by the European Commission on 30 November, represent the latest stage in a consultation process that

started with the publication of the Green PaperAudit PolicyLessons from the Crisis in October 2010.

The proposals have two main thrusts:

To reduce concentration in the market for audits, with new requirements imposed for audit tendering and auditor appointment; and

To address perceived threats to auditor independence, such as long tenure and non-audit services, by mandating audit firm rotation and imposing

significant new limits on non-audit services, and potentially requiring the largest networks to be composed of audit-only firms within the EU.

The Commission is also proposing changes to the form and content of an auditors report to shareholders, the requirements relating to audit committees

and to the structure and regulation of the audit market in the EU. The proposals introduce an expanded definition of a Public Interest Entity (PIE) which, in

addition to listed entities, encompasses a range of financial institutions and a new Large PIE category (broadly listed companies with a market

capitalisation, or relevant financial institutions with balance sheet/assets under management, in excess of1 billion).

The Directive amends the current Statutory Audit Directive, applying to all statutory audits. A final Directive would need to be implemented by EU member

states into national law. The Regulation, which contains many of the more controversial proposals would, in its entirety, apply directly in all Member States

when it comes into force.


4/14



All rights reserved

Timeline and process

The proposals now pass from the EC to be discussed and negotiated within the parameters of the Economic and Financial Affairs (ECOFIN) Council in the

Council of Ministers and the Legal Affairs (JURI) Committee in the European Parliament. This process may take two years or more as many Member

States and MEPs are against some of the more radical proposals, and there is disquiet amongst some of the other commissioners. As a result, there is

a long way to go and many hurdles to overcome before the final regulations become clear.

Companies wishing to influence the debate need to be cognizant of the ongoing process and the individuals involved.

In the European Parliament, Sajjad Karim (UK Conservative MEP) is the Rapporteur in the JURI Committee. Negotiations will begin with an exchange of

views within the Committee so that the Rapporteur can work towards producing a draft report. Once the draft report has been presented, the Committee

will discuss the draft report and table amendments before a set deadline. Once the amendments have been considered in the JURI Committee, the

Rapporteurs report (with the then consolidated amendments) will then be voted upon. The report then needs to receive a majority vote in the European

Parliamentsplenary session in Strasbourg before it is adopted.

The EU presidency is also key as once the ECOFIN Council has adopted its position, a representative of the relevant rotating presidency (the current

presidency is Denmark, Cyprus take over on 1 July 2012 and then Ireland will take over on 1 January 2013), the responsible Commissioner (Michel Barnier,

DG Internal Market and Services) and the responsible Rapporteur (Sajjad Karim) will negotiate a position in trialogue discussions. If successful, then a joint

text will be adopted. If not, then the dossier will return to the European Parliament for a Second Reading.

30 November 2011

Proposals published

End of 2015Spring 2012 End of 2012 End of 2014

Prohibition on large firms providing

non-audit services applies three yearfrom the date the Regulation comes

into force

Most of the provisions apply

two years from the date theRegulation comes into force

Final texts expected to be adopted.

Regulation and directive come intoforce 20 days from publication date

Debate in ECOFIN and

JURI expected to begin


5/14



All rights reserved

Audit-only firms

Proposal Implication

This requirement would apply to any network:

whose member firms have combined annual audit revenues within the EU over 1,500 million; and

which has at least one member firm that generates more than one third of its annual audit revenues

from audits of Large PIEs.

If these thresholds are exceeded then all of the member firms of that network, including those outside

the EU, would be banned from providing non-audit services within the EU.

This requirement seems intended to apply only to the Big 4 networks. It could impair the ability of

member firms of the affected networks to access the breadth and depth of expertise they currently bring

to their audits.

In our view, audit only firms would undermine the ability to recruit top quality staff (bothaudit staff and other specialists) with consequent impact on audit quality and value for audit

clients. Furthermore, the reduced financial scale of audit only firms would impact on their

ability to invest and also therefore impact on quality.

We therefore remain committed to being a full Multi-Disciplinary Firm (MDF) and do not

consider prevention from continuing as a MDF to be the probable (or, indeed most likely)

outcome.


6/14



All rights reserved

Mandatory audit firm rotation


Under the Regulation, the initial audit appointment would have to be for at least two years. Theappointment may be renewed only once and the maximum appointment term would be:

6 years (extendible to 8 years on an exceptional basis by audit regulator)

9 years (extendible to 12 years on an exceptional basis by audit regulator) if joint audit

A cooling off period of a minimum of 4 years applies before the same auditor can be reengaged.

As currently drafted, this proposal contains an implicit criticism of the audit committeesability to determine whether and when to change auditor.

Furthermore, this proposal represents a major change with significant cost implications due

both to the frequent rotation of audit firms and also the tendering requirements noted below.

It will also constrain the audit committees (and shareholders) choice of audit firm which

could be detrimental to audit quality.

The proposed ban on auditors providing many non-audit services (see below) means that

these may also need to be rotated when a new auditor is appointed.


7/14



All rights reserved

Mandatory audit tendering


The audit committee will be required to identify at least two choices, unless it is proposingreappointment of the incumbent auditor (subject to the maximum six or nine year tenure described

above). It would identify which firm it preferred and would have to provide a justification of its

recommendation. At least one of the firms invited to tender at the start of the process must be a smaller

firm, i.e., one that has less than a 15 percent share of the audit fees of Large PIEs in that member state.

The Regulation contains specific requirements for the process that the audit committee must follow.

European regulators (EBA, ESMA and EIOPA) will produce guidance on appropriate auditor selection

criteria and a competent authority will produce an annual list of eligible smaller audit firms. It is unclear

at the moment how frequently eligible smaller firms will accept tender invitations.

As currently drafted, the Regulation would impose new statutory requirements on all PIEs(irrespective of size) in respect of the audit tender process and will most likely:

restrict the flexibility currently available; and

increase cost

become more time-consuming

be impractical (as the audit committee will have to negotiate two contracts with the two

potential firms before presenting the choice to the AGM

create unnecessary bureaucracy as smaller firms are unlikely to be appointed if the audit

committee wouldnt naturally include them in the tender process


8/14



All rights reserved

Mandatory audit tendering transitional provisions

Date audit contract entered into Maximum engagement period Maximum renewal period Maximum total

term

Pre adoption date 4 accounting years from the date the Regulation

comes into force

5 years if auditor provided not more than 10 years of

continuous service

4 years if auditor provided between 10 and 20 years of

continuous service


continuous service


continuous service 1 year if auditor provided more than 100 years of

continuous service

Between 5 and 9 years

Between the date of adoption and the date the

Regulation comes into force

5 accounting years from the date the Regulation

comes into force

Between 6 and 10 years

From the date the Regulation comes into force and

two years thereafter

(The mandated audit tender process under the

Regulation will not apply when a new auditor is

appointed during this period, but will apply after the

two year transitional period has elapsed)

6 years for single auditor audits (extension to 8

years might be possible)

9 years for joint audits (extension to 12 years

might be possible)

Minimum engagement period of 2 years applies

Engagement can be renewed once, but the total engagement

period is limited to a maximum of 6 years (9 years for joint

audits)

6 years

(9 years for joint audits)

These are the transitional rules as currently drafted. However, these may change as there is a long way to go and many hurdles to overcome before the

final regulations become clear.


9/14



All rights reserved

Restrictions on non-audit services


Under the Regulation, there would be very few non-audit services that could be provided by the audit

firm or other firms within the audit firms network to a PIE or its parent/subsidiaries within the EU.

Permitted related financial audit services would be limited to:

audits and reviews of interim financial statements;

assurance on regulatory reporting by financial institutions;

certification on compliance with tax requirements when such attestation is required by national law;

and

assurance on corporate governance and social responsibility statements.

However, the fees for related financial audit services to an audit client would be limited to 10% of the

audit fees paid by that entity.

A limited number of non-audit services would be permitted. Within the EU, they would be subject to pre-approval on a case-by-case basis by the audit committee (e.g. comfort letters for investors and human

resource services) or the relevant competent authority (e.g. acquisition due diligence services and

designing and implementing financial information technology systems).

It would be possible for non-audit services to be provided by the auditor (or by a member of the audit

firm s network) to a non-EU entity that is controlled by the EU entity. However, before such services are

provided the auditor would have to assess whether their independence would be compromised by such

services, using a threats and safeguards approach.

Providing adequate safeguards are in place, the provision of non-audit services by the auditor

can both enhance the quality and reduce the cost of the services (and potentially the audit)

with no loss of independence. This was in effect the conclusion of the recent review by the

auditing Practices Board in the UK.

Furthermore, provisions already exist in the UK Corporate Governance Code and associated

guidance relating to both the pre-approval and disclosure of non-audit services.

The extensive prohibitions currently being proposed may result in narrowing the choice

both of auditor available to a company and providers of non-audit services.

.


10/14



All rights reserved

Audit committee requirements


The Regulation requires all PIEs, with certain concessions for subsidiaries and certain types of financial

institution, to have an audit committee (or a body performing equivalent functions) comprised of non-

executive directors the majority of which must be independent.

At least one member must have competence in auditing and another must have competence in

accounting and/or auditing. The committee members as a whole must have competence relevant to the

sector in which the audited entity is operating.

The audit committees responsibility with respect to the oversight of the audit and the appointment and

dismissal of the auditor is made more explicit. In particular, the audit committee is to:

supervise the completeness and integrity of the draft audit reports;

be responsible for the procedure on the selection of the statutory auditor(s); and

authorise on a case by case basis, the provision by the statutory auditor [of those non-audit servicesthat are still permitted]

While most UK listed companies already have established audit committees, the new

Regulation looks set to impose stricter requirements in terms of composition and the

qualifications of audit committee members. If the proposals remain unchanged, boards and

nomination committees will need to consider the current composition of the audit committee

and any changes necessary to meet the new requirements.

The role and responsibilities of the audit committee described in the UK Corporate

Governance Code are similar, but not identical to those currently being proposed. Some of

the new requirements, for example more frequent audit tendering, will require a greater time

commitment from audit committee members. As a result, audit committee terms of

reference and standing agenda may need to be updated to reflect the new requirements.


11/14



All rights reserved

Fee limits imposed on auditors


Auditors will be restricted or in some cases prohibited from providing audit and related financial audit

services to PIEs if the fees generated from these services exceed certain limits.

An audit firm must not receive more than 20% of its total fee income from one PIE audit client in any

given year (or more than 15% of fees from the same PIE audit client over two consecutive years). If this

threshold is breached, safeguards, for example an independent quality review, must be put in place by

the audit committee. A competent authority may also decide that the audit firm cannot continue the

audit or that the auditor must resign within two years.

Auditors are permitted to provide related financial audit services which include for example the review

of interim accounts. The fees generated from related financial audit services must not exceed 10% of the

fee paid for the statutory audit.

The fee caps for total fees generated from a single audit client imposed by the new Regulation

should not cause a problem for most audit firms, as limits under current Ethical Standards are

lower.

However, the limit on fees currently proposed on revenues generated from related financial

audit services will be a new requirement and may restrict to what extent an auditor can

perform such services. Since theses services are in the main dictated by law or regulators it is

difficult to see the logic in such proposals.


12/14



All rights reserved

Audit report


The proposals identify over 20 items that would have to be addressed in the auditors report, including:

the auditors assessment of the entitys ability to meet its obligations in the foreseeable future and

therefore continue as a going concern;

how much of the balance sheet has been tested substantively and how much has been audited based on

system and compliance testing;

the variation in the weighting of substantive and compliance testing compared to the previous year;

the levels of materiality applied to perform the audit;

the key areas of risk of material misstatements of the financial statements;

an assessment of the internal control system, including significant internal control deficiencies identified

during the statutory audit, as well as the bookkeeping and accounting system (note that this appears to

cover only the parent entity in the case of a group);

violation of accounting rules, laws, articles of incorporation, and accounting policy decisions and othermatters significant to the governance of the entity;

whether the statutory audit was designed to detect irregularities, including fraud;

The identity of each audit team member and a confirmation of the audit teams independence;

in the event of a qualified or adverse opinion or a disclaimer of opinion, the reasons for such a decision;

any non-audit services provided; and

consistency of the audit opinion with the additional report to the audit committee.

The length of the audit report would be limited to four pages or 10,000 characters.

As currently drafted, auditors will be required to report on more matters and in greater

detail than is currently the case. As a result, issues previously covered by client

confidentiality and reported privately to the audit committee or board will potentially

be made public in the audit report.

The proposed requirement to report on the assessment of the entitys ability to meet its

obligations in the foreseeable future and therefore continue as a going concern

potentially goes further than the current requirements imposed on directors.

The proposed requirement that auditors report publicly on their assessment of the

internal control system is not fleshed out in any detail, but it could imply something

similar to SOX 404 (perhaps extended beyond internal controls over financial reporting).


13/14



All rights reserved

Private report to the audit committee


In addition to the audit report, the auditor also would be required to provide an additional, more

detailed report to the audit committee which explains in detail the results of the audit, presenting and

justifying inter alia:

the scope of the audit;

the auditors risk assessment;

audit work carried out;

judgements about material uncertainties that raise questions about the entitys ability to continue as

a going concern;

whether the bookkeeping, accounting, financial statements and additional reports covered by the

audit show appropriateness;

all instances of non-compliance, including non-material instances if they are considered important tothe audit committee;

an assessment of the valuation methodologies used to prepare the financial statements

full details of all guarantees, letters of support or public undertakings relied upon to support a going

concern conclusion; and

how audit work was distributed between different audit firms including the involvement of any third-

country (ie non-EU) auditors including identifying what work they performed.

The report to the Audit Committee would not generally be public, however, it could be disclosed to

shareholders in general meeting if the board so decides. Furthermore, upon request the auditor should

make the report available to regulators without delay.

While auditors should already engage in a two way regular dialogue with those charged with

governance (generally the audit committee), the proposed Regulation will make part of this

communication process mandatory and will impose more prescriptive rules.

As currently drafted, the Regulation also provides the Board with a statutory right to disclose

the report from the auditor to the audit committee to shareholders. Given the commercial

sensitivity attached to much of the information currently reported to Audit Committees,

Boards may be reluctant to exercise this right. Nonetheless shareholders expectations may be

raised somewhat.

There is therefore a danger therefore that the existence of this right together with the

detailed prescriptive list of matters to be included could lead to boilerplate disclosure and

thus reduce the quality of existing communications between auditors and audit committees


14/14

2012 KPMG LLP, a UK limited liability partnership

and a member firm of the KPMG network of independent member firms

affiliated with KPMG International Cooperative ("KPMG International"), a

Swiss entity. All rights reserved.

The KPMG name, logo and "cutting through complexity" are registeredtrademarks or trademarks of KPMG International Cooperative ("KPMG

International").

Documents

Aci Ec Audit Reform