Audit Firm Supervision (overview)
Published: 25 September 2023
13 minute read
The FRC has revamped the way it supervises firms which audit Public Interest Entities (PIEs) through the creation of three teams – Audit Firm Supervision (AFS), Audit Market Supervision (AMS) and Audit Quality Review (AQR) within the Supervision Division.
PIEs are defined by the Companies Act 2006 (section 494A). The types of entities which are likely to be PIEs include:
- UK entities which are listed on the London Stock Exchange (or other UK-regulated market);
- UK registered banks, building societies or other credit institutions (but not credit unions or friendly societies); and
- UK Insurers which are within the scope of Solvency II.
AFS is responsible for the overall supervision of PIE audit firms, drawing together the results of work undertaken by the other two teams (AMS and AQR) as well as other areas of the FRC.
To help improve audit quality, we have introduced a forward-looking supervisory approach, with proportionate monitoring across three tiers of PIE audit firms. Tier 1 firms are already on an annual AQR inspection and firm-wide review cycle. Tier 2 firms either have several PIE audits (for example, ten or more) and/or other risk factors, and are typically on a three-year cycle for individual audit inspection and firm-wide work. Tier 3 firms are the remainder of the PIE audit firms which are usually on a six-year cycle of individual audit inspection and firm-wide work. All firms that audit PIEs have been allocated a Supervisor and we have written to each firm setting out our approach and expectations of them.
There are four main areas that AFS lead on in respect of audit quality and firm resilience:
- Audit Quality improvement led by a Supervisor
- PIE Auditor Registration
- Case Assessment
- Audit Firm Scalebox
For further detail, please read Our Approach to Audit Supervision.
You can find the latest Audit Firm Specific Reports for Tier 1 firms, together with an Overview Report (2022 and 2023) on our Audit Firm Specific Reports - Tier 1 audit firms page.
We publish a summary for Tier 2 and Tier 3 firms in the autumn, the first of which (2022) can be found on our Audit Firm Specific Reports - Tier 2 and Tier 3 audit firms page.
Supervisor team
The Supervisors balance an assertive and forward-looking approach, holding firms accountable while also acting as an improvement regulator. Supervisors each have responsibility for certain PIE audit firms. A key part of their work is assessing the effectiveness of the firms’ audit quality initiatives, including reviewing the firms’ formulation and progress on action plans, root cause analysis (RCA) and quality improvement plans (including Single Quality Plans or SQPs for Tier 1 firms).
A key aim is to promote a culture of continuous learning and improvement within firms in relation to audit quality. Detailed RCA, implementation of robust actions on a timely basis to address findings and integration of those actions into a quality improvement plan are all important elements of an audit quality improvement mechanism. We assess each firm’s RCA and other lessons learned from quality matters. We then monitor and evaluate the firm’s action plan and effectiveness measures in place to address them.
The Supervisors have responsibility for monitoring Non-Financial Sanctions (NFS) imposed following an investigation by the Enforcement Division. The Supervisors are also responsible for undertaking Constructive Engagement which arises from Audit Enforcement Procedure cases where it is considered that the audit quality concerns can be appropriately and satisfactorily addressed, and the risk of repetition mitigated, without the time and expense of a full investigation. The Constructive Engagement process may result in enhanced monitoring and scrutiny over the relevant firm until we believe that the risks have been addressed through a suitable mitigation plan.
The Supervisors have regular interaction with the firm that includes involvement in the engagement framework (a series of meetings with senior firm management) and pre-appointment meetings for certain senior roles for that firm. The Supervisors are therefore in a position where they have a holistic evidence-based understanding of the various audit quality initiatives being undertaken by PIE audit firms.
AFS leads the publication of the annual inspection and supervision reports on Tier 1 firms, usually in July each year. We also send private Annual Supervisor Letters (ASLs) that are tailored to each Tier 1 firm. These letters clearly outline our view of the relevant risks to audit quality, the resilience of the audit market, and our prioritisation of the actions the firm must take to address them. The letter describes the supervisory work that we plan to carry out in the following 12 to 18 months. The letters relay some of the messages in the public reports, as well as conveying additional messages relating to our supervisory work. The firms respond privately to our letters, setting out the actions that they intend to take.
Similarly, we send ASLs that are tailored to each Tier 2 firm, which are focused on the work that we have done in respect of that firm in the year and any areas of particular concern where we want leadership at the firm to focus in the future.
Our ASLs for the Tier 3 firms are tailored to specific firms if the firm has been subject to an inspection recently, otherwise the remaining firms receive a generic ASL based on information from our supervision of all Tier 3 firms. In all cases, we continue to assess the actions a firm has taken in response to our letters.
PIE Auditor Registration
A key recommendation of the Kingman Review was that the FRC should undertake the approval and registration of audit firms conducting PIE audits. The Kingman Review noted concern that the delegation of the approval and registration of statutory auditors leaves the FRC without sufficient power to act where systemic quality issues with an audit firm are identified. The Kingman Review also recommended that a new FRC regime for the approval and registration of audit firms conducting PIE audits should have a range of actions available to take in response.
Case Assessment
From 1 April 2023, the Case Examiner and Case Examination and Enquiries became a separate team within AFS and has been renamed Case Assessment (CA). CA identify cases which may fall within the remit of one or more of the FRC’s disciplinary schemes (the Audit Enforcement Procedure (AEP), the Accountancy Scheme and the Actuarial Scheme).
Sources of Enquiries
Enquiries are generated from horizon-scanning activities, which include searches of listed company Regulatory News Service (RNS) updates and reviews of reports in the financial press. Other sources of enquiries are complaints, whistleblowing disclosures and referrals from other FRC teams, regulators and professional bodies.
Consideration is given to the nature of the issue before deciding to make further enquiries to ensure that our actions are proportionate and risk based.
Horizon-scanning
When performing horizon-scanning activities, the types of issues of interest include:
- Material misstatements in a company’s financial statements that may not have been detected through the Statutory Audit process (including errors in the audited financial statements themselves and in other parts of the annual report that an auditor has a duty to review)
- Indications of fraud that may not have been detected by the Statutory Audit process, and
- Indications of Misconduct by professional accountants or actuaries where it may be in the public interest for the FRC to make enquiries, primarily in relation to the preparation and approval of financial statements which may contain material errors.
In relation to errors in a set of financial statements, we focus on those that appear to be material and could reasonably be expected to influence the decisions of users of the financial statements.
Complaints and whistleblowing disclosures
Complaints and whistleblowing disclosures are managed centrally by the FRC and are referred for further assessment and enquiry if they relate to audit, accounting or actuarial matters within the FRC’s Enforcement remit.
Referrals
Other FRC teams may refer matters for further enquiry if they become aware of matters indicative of auditing, accounting or actuarial irregularities. A primary source of such referrals is from audit inspections conducted by AQR.
In addition, the FRC’s Corporate Reporting Review (CRR) team may identify a material error in a company’s financial statements in terms of an incorrect accounting treatment or a disclosure failure, which may also raise a question as to whether there has been a failure in the audit process.
CA liaises closely with other relevant regulators and prosecuting authorities to identify cases of public interest and determine which body may be best placed to act. CA both receives and makes referrals, and information is received from and shared with other agencies as permitted through formal legal gateways.
Outcomes of Enquiries
An enquiry will end in one or more of the following outcomes:
- Referral to the Conduct Committee for a decision on whether an investigation should be opened
- In AEP cases only, resolution through Constructive Engagement (which is undertaken by the Supervisor team)
- Referral to another team within the FRC or another regulator or professional body, or
- No further action by the FRC where the enquiry identified no evidence of acts or omissions likely to amount to potential breaches or Misconduct, or where further action was not considered proportionate.
The latest report on the FRC’s investigation and Constructive Engagement work can be found in the Annual Enforcement Review.
Audit Firm Scalebox
The objectives of the Scalebox program are to enhance audit quality, promote resilience in relevant audit sectors, support the FRC's role as an improvement regulator, and enable the FRC to better fulfil its regulatory objectives.
The Scalebox is a flexible mechanism for the FRC to engage with firms in areas where they require assistance. The Scalebox team focuses on common findings, changing requirements, and growth areas. Activities conducted by the Scalebox may include reviewing completed audits, assessing audit methodologies, examining internal quality monitoring systems, evaluating governance processes, providing guidance on registration requirements, and assisting with understanding investigation and enforcement procedures.
Constructive Engagement
What is Constructive Engagement?
Constructive Engagement is a process introduced by the AEP for resolving cases where the audit quality concerns can be appropriately and satisfactorily addressed without full investigation and enforcement action.
As set out in paragraphs 13, 13A and 14 of the Guidance for the Case Examiner, where the matter has not been referred to the Board under rule 5(d) of the AEP, the use of Constructive Engagement is entirely at the discretion of the Case Examiner. Examples given of cases for which it will or may be suitable include:
- cases where there has been a minor technical breach of the Relevant Requirements, usually at the very lowest end of the spectrum of possible breaches; and
- cases where there is no real concern about harm to investor, market or public confidence in the statutory audit process and where there is no evidence of financial detriment to anyone.
Who conducts Constructive Engagement?
Constructive Engagement decisions are made by the Case Examiner. Identification and monitoring of remedial actions, where appropriate, are conducted by the Supervisor team.
How does Constructive Engagement work?
CA seek information from the audit firm about the audit work conducted and the issues underlying the potential audit breach, including reviewing relevant audit working papers and obtaining explanations from the audit team. Once the decision has been made to resolve a matter through Constructive Engagement the Supervisor team will then agree appropriate remedial actions with the firm, for example modifications to firm-wide audit procedures and/or staff training.
Constructive Engagement will only succeed with the full cooperation of an audit firm. If a matter is not or cannot be resolved satisfactorily, it may be referred to the Conduct Committee for a decision on opening an investigation. As part of its oversight role, the Conduct Committee is provided with information about cases resolved via Constructive Engagement.
How do we share learnings from Constructive Engagement activities?
Although the FRC does not publish individual outcomes of Constructive Engagement, we communicate themes and learnings to audit firms, and share insights with accountancy bodies (for circulation to their members), other regulators and other teams within the FRC, who feed the results into their work.
Single Quality Plans
We require all Tier 1 firms to maintain a Single Quality Plan (SQP) to drive measurable improvements to audit quality and firm resilience and to facilitate oversight by the firm’s INEs / ANEs.
Each firm’s SQP must encompass certain principles, which we established. These include the identification of key priorities, the inclusion of all key actions, the monitoring of progress, and the assessment of effectiveness in priority areas.
We engage regularly with firms on their SQPs to ensure that firms have set appropriate priorities and are demonstrating progress in delivering effective actions. Where firms are not achieving their SQP objectives, we will hold them to account against their plan and consider whether further actions are necessary.
Statutory Auditors Transparency Reporting
Auditors of certain public interest entities must publish annual Transparency Reports in accordance with the Statutory Audit Directive. The FRC carries out ongoing monitoring to ensure that all relevant firms publish a report which comply with the statutory requirements.
If you require further information, please email [email protected]. Enquires from firms should be sent to their relevant Supervisor.
Risk Reporting Protocol
The FRC’s designation as the Competent Authority for statutory audit in the UK requires us to monitor risks arising from the systemic and performance issues which have the potential to lead to the demise of a firm, the disruption of audit services, further audit performance issues and/or an impact on a firm’s financial stability.
We have an agreed protocol with the Tier 1 and Tier 2 firms, which are required to notify their Supervisor without undue delay of incidents which occur either in the UK or across the firm’s global network which could reasonably be considered to pose a significant financial, operational or reputational threat to the UK firm.
The nature of incidents to be reported includes (but is not restricted to) the following:
- Events that have the potential to invoke crisis management plans at a local office, UK or global level
- Claims or potential claims that have a risk of significant financial exposure to the firm
- Cyber-attacks on the firm which may result in data losses or materially impair the functionality of the firm’s IT systems
- Information security or data breaches by the firm, or by third parties working for or on behalf of the firm, which may result in the loss of a significant quantity of personal, commercially confidential, or sensitive data
- Any non-vexatious complaints or allegations about members of the firm’s Senior Leadership Team or Board members
- Complaints or allegations against partners in the firm which are serious in nature and may result in adverse media comment, disciplinary activity, resignation, or termination of their position
- Complaints or allegations against the firm’s staff members which, individually or collectively, raise serious concerns about their professional or ethical behaviour and/or the firm’s systems for detecting such behaviour
- Situations where the firm becomes aware that an audit report it has previously issued on a PIE, large AIM-listed entity or Lloyds Syndicate may need to be withdrawn or can no longer be relied on
- Any action being considered by the firm’s Recognised Supervisory Body which may have a significant impact on the operation of the firm or any of its service lines
- Any other matter that is likely to be subject to media coverage with adverse reputational implications
Pre-appointment process
Pre-appointment meetings
As part of our focus on leadership and governance we have set out below our expectations of the experience, skills and attributes of candidates for the key roles of Independent Non-Executives (INEs) and Audit Non-Executives (ANEs), Heads of UK firms, Chairs of Boards, Heads of Audit, Chief Risk Officers (or equivalent) and Ethics Partners at Tier 1 firms. The role of Independent Non-Executives and Audit Non-Executives are considered in detail in the Audit Firm Governance Code and Operational Separation Principles.
The same expectations apply when we meet proposed Heads of Audit and INEs from Tier 2 firms.
In a pre-appointment meeting we will assess how well we believe candidates meet our criteria, and then feed back to the firm.
When requesting a pre-appointment meeting firms should provide the following details:
- How the appointment for was agreed, including details of any discussion at governing body level
- How INE and ANE candidates were initially identified
- The candidate’s understanding of the firm’s values and audit specific values in particular:
- Integrity, objectivity, professional competency and due care, confidentiality and professional behaviour, as set out in the Audit Firm Governance Code
- Integrity, objectivity and independence, as set out in the in the Ethical Standard
- How the appointment complements the firm’s strategy
- For individuals proposed for the roles of Head of Audit, Ethics Partner and Head of UK firm, details of any complaints made against the candidate by clients or former clients in the last five years, which the candidate has accepted, or which are awaiting determination
Characteristics
When considering appointments, we will take account of the following characteristics:
In a pre-appointment meeting, we will assess how well we believe candidates meet these criteria and feed this back to senior management of the firm.
Independent Non-Executives and Audit Non-Executives
- Independence of thought
- Knowledge of professional services firms (or an induction plan in place to address gaps)
- An understanding of the public interest and its importance to the activities of an audit firm
- Ability to command the respect of the firm’s partners
- Sufficient time to devote to the role
The Audit Firm Governance Code requires knowledge and experience of audit and a regulated sector. At least one INE should have competence in accounting and/or auditing, gained, for example, from a role on an audit committee, in a company’s finance function or at an audit firm.
For firms subject to Operational Separation, at least one ANE should be ‘doubly independent’, meaning they must not be an INE.
Head of UK firm
- If from an audit background - evidence of involvement in audit quality initiatives within the firm in recent years
- If from a non-audit background – consideration of how the individual will support audit quality within the firm as Head of UK firm
- Sufficient time (outside of their portfolio of fee earning work) to devote to the role
Chair of the Board
- Consideration of how the individual will support audit quality within the firm as Chair
- An understanding of the public interest and its importance to the activities of an audit firm
- Sufficient time (outside of their portfolio of fee earning work) to devote to the role
Head of Audit
- Track record of audit quality (from internal and/or external reviews)
- Evidence of involvement in audit quality initiatives within the firm in recent years
- Sufficient time (outside of their portfolio of audit work) to devote to the role
Ethics Partner
- Track record of involvement in ethical matters/issues within the firm
- An independent attitude of mind
- Evidence of sufficient standing within the firm to uphold difficult decisions
- Sufficient time (outside of their portfolio of fee earning work) to devote to the role
Chief Risk Officer
- Track record of experience in a risk management and/or a compliance discipline
- If from a non-audit background, consideration of how the individual will oversee and mitigate the risks to the audit practice as a consequence of the wider activities of the firm
- Consideration of how the individual’s role will remain free from operational conflicts to facilitate effective risk oversight and challenge
Frequently asked questions
Who does the FRC meet?
We offer to meet prospective candidates for all of the roles listed above in Tier 1 firms. Our approach to Tier 2 firms differs because we only meet prospective Heads of Audit and INEs.
When do meetings take place?
We only expect to meet the firm’s proposed, final candidate for any particular role. For roles which are elected by the partners, we will either meet the newly elected individual as soon as possible after their appointment or meet all short-listed candidates prior to the election of one of them.
What is the process for arranging meetings?
Once the firm has decided on a proposed appointment, the firm should contact their FRC Supervisor to arrange a meeting and provide the information requested. We will try and schedule a meeting as soon as possible so as not to unduly delay the proposed candidate’s formal appointment process.
Who from the FRC will be at the meeting?
The firm’s Supervisor always attends, and other senior FRC staff may also attend. If the proposed INE or ANE is being recruited by a Tier 1 firm, then an FRC Senior Advisor or member of the FRC’s Advisory Panel will also attend.
What will be the format of the meeting?
We will tailor the content of the meeting depending on the role the individual is being put forward for and their background. We would normally expect to cover the following with the candidate:
- what they see as their role
- their understanding of our strategy, the Audit Firm Governance Code and Operational Separation Principles (if applicable)
- their awareness of current audit supervision issues for the firm or issues from the recent past, and
- their expectations for their induction programme.
We will discuss any issues which we think the candidate should be aware of and there will also be an opportunity for the candidate to ask the FRC questions in confidence.
What will happen after the meeting?
We will write to the firm to provide high level feedback on the meeting and to identify any areas which it might be helpful to focus on as part of the candidate’s induction process.
Notification of Resignation as a PIE Auditor
Auditors and Companies must notify their appropriate audit authority in respect of when an auditor ceases to hold office. These requirements are set out in Companies Act 2006 (Sections 522 to 525).
In respect of an audit of a Public Interest Entity (PIE), as defined by Companies Act 2006 (Section 494A), the appropriate audit authority is the FRC in its capacity as the Competent Authority.
Notifications of resignations to the FRC must be sent to [email protected], including any request for further extensions.
Auditors of non-PIEs, including AIM-listed entities and Lloyds syndicates, must send copies of their resignation letters to their Recognised Supervisory Body (namely ICAEW, ACCA, ICAS, ICAI).
Guidance on the circumstances in which the FRC is the appropriate audit authority, how the notification to the FRC should be made, and what it must cover is provided in the form of:
Between 1 April 2022 and 31 March 2023, the FRC received 129 Auditor resignation notifications. The FRC received 148 Auditor resignation notifications the year before.
For detail regarding notification of appointment as a PIE auditor refer to PIE Auditor Registration Guidance.