The review follows concerns raised about the quality of audit, for example in both an earlier Parliamentary Joint Committee report and the most recent ASIC Audit Inspection report.
Australian Financial Reporting Council's report released
On 5 April, Assistant Treasurer Stuart Robert released the Australian Financial Reporting Council's (FRC's) report: Auditor Disciplinary Processes: Review. The Review assessed the processes available to discipline Registered Company Auditors (RCAs) with the aim of identifying how they could be improved to ensure they effectively address cases of alleged misconduct. More particularly, the report examined the RCA discipline process, the effectiveness of the Company Auditors Disciplinary Board (CADB), The Australian Securities and Investments Commission's (ASIC’s) Audit Inspection Program, and the professional accounting bodies’ disciplinary processes for audit misconduct.
The report makes 18 recommendations (17 of which the government has said it supports or agrees with in principle) concerning enforcement or discipline of registered company auditors (RCAs) who do not meet the standards expected of them. An overview of some of the key findings, the recommendations and the government and ASIC's response is below.
Key findings
- Australian Securities and Investments Commission (ASIC) systems: The report is critical of ASIC procedures to monitor disciplinary issues, commenting that ASIC’s records about surveillance, investigation, and enforcement activities are managed in a number of different systems, and that there were 'difficulties in gathering and reconciling relevant data'.
- ASIC has only referred six matters to CADB in the last eight years and only commenced one matter in court. The Review found that this was due to: 1) RCAs voluntarily cancelling their registration prior to a CADB referral or decision (with no publicity associated with that voluntary cancellation); and 2) ASIC’s preference for negotiated outcomes. The report comments that 'ASIC's enforcement approach 'has limitation in its reduced transparency and lack of denunciation'.
- ASIC's audit inspection work is geared towards education (not enforcement): Though ASIC’s Audit Inspection Program is acknowledged to be an important part of the regulator's surveillance work in relation to RCAs, the outcomes of this program were observed to be generally focused on educative efforts rather than being enforcement‐oriented or imposing disciplinary consequences on firms. The report states that 'While these general goals are laudable, the FRC suggests that the outcomes from the Audit Inspection Program be more directly linked to ASIC’s enforcement goals of deterring and punishing misconduct, as this may help to improve audit quality'.
- The professional accounting bodies’ disciplinary processes were observed to be limited in their application because they lack the power to fully investigate RCA misconduct.
- Court action more likely in future? The report notes that ASIC anticipates that recent reforms to penalties (with the passage of Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019), as well as ASIC's new approach to enforcement will mean court action will be considered appropriate in more cases.
Recommended reforms
The report includes 18 recommendations, all of which the government has said it supports/agrees with in principle with the exception of recommendation five.
Recommendation not supported by government? Recommendation five recommends that barriers to ASIC naming RCAs who are under investigation (where they voluntarily cancel their registration' be 'addressed'). The Government states that it disagrees with the recommendation because naming RCAs while they are under investigation 'could cause reputational damage to the RCA without due process'. On this basis, the government states that it 'only supports ASIC publishing such a notice where a RCA consents to this announcement.' The government adds that it considers that expanding the CADB’s disciplinary powers and remit to include auditors that have been deregistered, will strengthen the disciplinary process and ensure disciplinary action can still take place even where an auditor voluntarily cancels his or her registration.
Seventeen recommended reforms (supported by government)
A high level overview of the remaining recommendations, the government's response and ASIC's response (where available) is below.
Naming firms? ASIC to publish more detailed information in audit inspection reports: The report includes a recommendation (recommendation 11) that ASIC publish the results of audit inspections in greater detail, including naming firms. ASIC has said that it is considering publishing more detailed information including 'whether to disclose results for named audit firms' but has not confirmed that it will do so. The government has said it supports ASIC acting on the recommendation should 'it choose to do so'.
ASIC to be given power to compel remediation for defective audits: Recommendation 12 of the report recommends that ASIC be given the power to compel remediation of defective audits along with the power to publish notices when this occurs. The government has said it agrees in principle with the recommendation and will consult on reforms to empower the regulator to compel remediation. ASIC has said it is supportive of the recommendation.
Past issues reviewed for 'possible enforcement action': The report includes a recommendation (recommendation 10) that issues identified in ASIC Audit Inspection Program reports (eg potential breaches of the law/failure by RCAs to meet their obligations) should be reviewed for possible enforcement action. The government has expressed support for ASIC acting on the recommendation.
Strengthening/improving ASIC's detection, investigation and enforcement processes: The report includes a number of other recommendations concerning ASIC's processes (which the government has said it supports). These include recommendations that ASIC should: a) adopt a more 'structured and consistent approach' to preliminary investigations of RCA matters (recommendation 1); b) improve it's record keeping and data management systems to make tracking matters easier across the organisation (recommendation 2); c) evaluate whether resourcing requirements for enforcement action are appropriate (recommendation 3); and d) outline how the ‘why not litigate’ enforcement strategy will apply to misconduct by RCAs (recommendation 4).
Stronger disciplinary powers for the Companies Auditors Disciplinary Board (CADB)? Recommendation 8 recommends (and the government has said it 'agrees in principle') the CADB should be granted additional disciplinary powers to suspend registration during a disciplinary proceeding and to impose fines on individuals or the firms that employ them. In its response to the report, the government said it will consult on reforms to enable the CADB to impose sanctions against individuals even where an RCA is no longer registered, to ensure disciplinary action cannot be avoided by RCAs by voluntarily cancelling his/her registration.
Other recommendations to strengthen CADB processes:
- The government should consider making the necessary changes to enable the CADB to publish the commencement of proceedings including naming the RCA subject to the proceedings and his or her firm. The government has said it agrees with the recommendation but also said it will consider revising provisions to ensure that proceedings are 'publicised only when it is appropriate to do so'.
- The CADB and ASIC should work to adopt a 'less formal and more timely' approach to the carriage of CADB matters (including a review of CADB's practice and procedures manuals) (recommendation 6). ASIC has said it supports this recommendation and will work with the CADB on a less formal approach to disciplinary matters to help ensure more timely outcomes through CADB processes.
- The government should consider whether the CADB requires additional administrative support if a greater number of applications are made as a result of the reforms (recommendation 9)
Tracking audit quality over time: The report includes a recommendation (recommendation 14) that ASIC and the FRC work together to implement the Parliamentary Joint Committee recommendation to devise a study that would track audit quality over time. The government has expressed support for ASIC and the FRC to action the recommendation. In its response to the report, ASIC committed consistent with the recommendation and the PJC recommendation, to track audit quality over time.
Professional accounting bodies: The report includes a number of recommendations (all of which are supported by the government) concerning professional accounting body processes. These include that professional bodes should: a) refer potential breaches of the law by RCAs to ASIC (recommendation 15); b) that professional bodes should improve the quality of their record keeping with respect to disciplinary actions (recommendation 16); c) formalise communication (particularly regarding RCAs) between themselves and the FRC with respect to their disciplinary proceedings (recommendation 17); and d) publicly report statistics on the number of complaints they receive, and the number of complaints that do not proceed (recommendation 18).
ASIC's response
In a statement welcoming the release of the report and the government's response ASIC also outlined its support for certain recommendations (some of which have already been flagged above).
- New workflow system will improve transparency: ASIC states that its new workflow system for regulatory and enforcement activities will facilitate a more structured approach to audit surveillance, and deliver improved transparency as the system is common across all ASIC teams. ASIC adds that the system 'will capture processes, documents and decision points in a common structured way using consistent terminology across ASIC'. The new workflow was introduced on 1 June 2018.
- Re-evaluate criteria for taking enforcement action: ASIC will re-evaluate its criteria for taking auditor enforcement actions, and the types of outcomes that it may seek, including the use of enforceable undertakings and referrals of matters to the CADB as part of its implementation of the new Office of Enforcement.
- Ensuring sufficient resourcing? With respect to resourcing of audit inspection and financial reporting surveillance, ASIC states that resources will continue to be 'dynamically allocated within the team to achieve the best outcomes for quality financial reporting supported by quality audits'.
- Releasing more detailed information in audit inspection reports, including naming firms? As flagged above, ASIC is yet to determine whether it will name firms. ASIC states that is 'already considering whether to publish the percentage of findings for named audit firms in its next audit firm inspection report for the 18 months to 31 December 2019'. ASIC adds that it is currently reviewing 'when it would be appropriate to name entities more broadly across all our surveillance and compliance reports before deciding whether to disclose results for named audit firms.'
[Note: Context