FRC proposed revisions to auditing standards on laws and regulations
In October 2023, the Financial Reporting Council (FRC) issued an exposure draft of a proposed revised International Standard on Auditing (ISA) UK 250 ‘Consideration of Laws and Regulations in an Audit of Financial Statements’ and Proposed International Standard on Auditing (UK) 2X0 (Revised) ‘Special considerations for Public Interest Entities - Communicating and Reporting to an Appropriate Authority Outside the Entity’. The former would replace extant ISA (UK) 250A and the latter ISA (UK) 250 B.
The proposed revisions aim to strengthen auditor requirements to detect and report material misstatements from non-compliance with laws and regulations and to clarify instances auditors should report such breaches, and other significant matters, to the relevant regulators. The FRC believes that this will enhance the useability and informativeness of the audit and provide greater assurance to users of financial statements that potential material misstatements have been properly assessed by the auditor.
Proposed revisions to ISA (UK) 250 (revised November 2019 (updated May 2022) Section A - Consideration of laws and regulations in an audit of financial statements
Non-compliance with laws and regulations can result in potential fines, litigation or other consequences which could have a material effect on the audited entity.
The extant ISA (UK) distinguishes the auditor's responsibilities into two different categories of laws and regulations as follows:
- a) The provisions of those laws and regulations are generally recognised to have a direct effect on the determination of material amounts and disclosures in the financial statements such as tax and pension laws and regulations. and
- b) Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the financial statements, but compliance with which may be fundamental to the operating aspects of the business, to an entity's ability to continue its business, or to avoid material penalties (for example, compliance with the terms of an operating license, compliance with regulatory solvency requirements, or compliance with environmental regulations); non-compliance with such laws and regulations may therefore have a material effect on the financial statements.
Differing requirements are specified for each of the above categories of laws and regulations. For category (a), it’s the auditor's responsibility to obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations. For category (b), the auditor's responsibility is limited to undertaking specified audit procedures to help identify non-compliance with those laws and regulations that may have a material effect on the financial statements.
Under the proposed revised standard this differentiation would be removed and the objectives of the auditor would be:
- To identify those laws and regulations with which non-compliance may have a material effect on the financial statements.
- To identify and assess the risks of material misstatement of the financial statements due to fraud or error relating to non-compliance with laws and regulations.
- To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud or error relating to non-compliance with laws and regulations.
- To respond appropriately to identified or suspected non-compliance with laws and regulations identified during the audit.
The FRC acknowledges that auditor's responsibilities cannot be open-ended to the effect of identifying and determining compliance with all laws and regulations relating to the entity. To assist the auditor the FRC proposes that a more robust risk assessment process building on the risk assessment performed in accordance with ISA (UK) 315 will be introduced to help auditors identify those laws and regulations that have, or may potentially have, a material effect on the financial statements.
ISA (UK) 250 (revised November 2019) Section B - The auditor’s statutory right and duty to report to regulators of Public Interest Entities (PIEs) and regulators of other entities.
The proposed changes to ISA (UK) 250B build on existing UK laws where auditors of public interest entities are expected to comply with statutory duties to report to regulators if significant matters relevant to the regulator, such as breaches in law or regulation, come to the auditor’s attention. The FRC is proposing to introduce a more principles-based approach so that information that is of such significance is reported to regulators even where law, regulation or relevant ethical requirements do not require it.
ICAS view
In response to the FRC we advised that we are not convinced of the need to update ISA (UK) 250 at this time. We are not aware of significant issues being identified in relation to the application of this standard by auditors in practice. Although we acknowledge that the FRC recognises that the auditor’s responsibilities cannot be open-ended to the effect of identifying and determining compliance with all laws and regulations pertaining to the entity, we have concerns that this will be the inevitable direction of travel if these proposed revisions are implemented as currently drafted. Particularly in large complex international group audits, the need for auditors to seek the use of experts (legal and potentially others) will be significantly enhanced.
We also stated that the proposed new standard to replace ISA (UK) 250 Section B should not be introduced until the Government has enacted, and made effective, the supporting legislation to provide auditors with appropriate protection when making any reports under this framework. We are currently led to believe that the Government has no imminent plans to enact the necessary legislation. Therefore, we have major concerns about extending the reporting requirements applicable to auditors without providing them with the necessary protection to do so.
The Government’s position in relation to audit and corporate governance reform appears to have changed since it published its proposed future actions on this subject matter in its response paper in May 2022 to its ‘Restoring trust in audit and corporate governance’ consultation paper. There has not yet been an audit and corporate governance reform bill, and it is not envisaged that there will be one soon. This change in the business regulatory environment needs to be taken into consideration, as does the Government’s desire to grow the UK economy, when assessing whether these proposals are in the public interest at this time. The FRC has not set out specific reasons as to why these revisions are necessary at this time.
We acknowledge that the FRC is seeking to place the requirements on auditors in relation to laws and regulations on a more risk-based footing. Conceptually, this may appear an appropriate approach, however, we have concerns as to its practical application and the work effort that will be required of auditors to meet these proposed revised requirements. Given the wide spectrum of laws and regulations that may be applicable to a particular entity the proposed revisions could lead to a considerable increase in the need for auditors to utilise the assistance of legal, and potentially other experts, on a range of different topics to properly satisfy the proposed requirement.
We also expressed concerns over the proposed effective date for audits of financial statements for periods commencing on or after 15 December 2024. We believe that the applicable date should be at least 12 months after the approval of the revised standard to allow audit firms appropriate time to update their methodologies and provide the relevant training for their staff.
Additionally, we believe that the proposed revised standard should not become applicable until after the related legislation has been enacted and taken effect.
