Quicklinks

  1. About Us

    Find out about who we are and what we do here at ICAS.

  2. Find a CA

    Search our directory of individual CAs and Member organisations by name, location and professional criteria.

  3. CA Magazine

    View the latest issues of the dedicated magazine for ICAS Chartered Accountants.

  4. Contact Us

    Get in touch with ICAS by phone, email or post, with dedicated contacts for Members, Students and firms.

Tier two and tier three audit firms: FRC audit inspection results

By James Barbour, Director of Policy Leadership

25 March 2024

We explore the key findings from FRC’s audit inspections.

The Financial Reporting Council (FRC) undertook 13 inspections of audits conducted by tier two and tier three audit firms during 2022/23 when there were five firms in tier two and 24 firms in tier three. A summary of the key findings is included below.

Of these inspections:

  • Five (38%) were assessed as requiring no more than limited improvements (36% average in this category over the period 2016/17 to 2021/22).
  • Five (38%) were assessed as requiring significant improvements (highest in this category since 2019/20).

These percentages should be treated as indicative, given the small sample, that different firms and audits are inspected every year, and that the results of individual firms may vary. However, the FRC has stated that the overall results of inspections for 2022/23 continue to indicate an urgent need for improvements in audit quality in this sector of the market.

The key inspection findings for the year were common across the period and largely consistent with previous years, with the significant majority relating to the audit of:

  • Judgements and estimates, reflecting that complex and judgemental audit areas require audit teams to exercise robust professional scepticism in their audit response.
  • Going concern, with weaknesses in the rigour of the audit work and the challenge of the underlying evidence provided by management.
  • Journal entry testing, including the lack of linkage to the presumed fraud risk of management override of controls.

The FRC noted that weaknesses in firms’ related quality control procedures, such as shortcomings in the reviews of audit work performed by Engagement Partners and/or Engagement Quality Control Reviewers, were contributory factors to the deficiencies noted in the audit work performed. However, they did see a reduction in the number of findings in the audit work over inventory and the financial statements.

The audit quality monitoring activities conducted on tier two and tier three firms’ non-PIE audits by the Recognised Supervisory Bodies (RSBs) including ICAS, continue to show an improving trend with 76% of audits reviewed in 2022/23 being assessed as good or generally acceptable. The FRC believes that these results may reflect the lower complexity of these non-PIE audits or differences in the scope of the review. The FRC supervises and reviews the RSBs’ audit quality monitoring activities and reports annually on this to the Secretary of State.

The FRC’s 2022/23 reviews of tier two and tier three firms’ quality control procedures also found similar themes to previous years with actions required by firms in:

  • Developing competency frameworks for audit partners and staff, and improving links between audit quality and reward.
  • Improving procedures for archiving audit files in line with the requirements of auditing standards.
  • Establishing adequate procedures to monitor compliance with ethical standards, in particular regarding non-audit services and fees.
  • Formalising acceptance and continuance procedures for audit engagements.
  • Improving the depth and rigour of firms’ internal quality monitoring procedures, including processes to follow up and remediate findings.

Review of individual audits

The following themes reflect the most common areas of inspection findings that drove the FRC’s assessment of audits requiring improvements or significant improvements.

1. Estimates and judgements

The FRC had findings in this area on 77% of the audits that they inspected (previous report: 60%), more than half of which were assessed as requiring improvements or significant improvements.

Similar to the FRC’s previous inspection cycles, many of their key findings were as a result of audit teams not demonstrating sufficient professional scepticism, which is essential for an appropriately robust audit of these areas, given the significant levels of management judgement and the potential for bias. Examples of key findings:

  • Expected Credit Loss (ECL) provisions: Weaknesses in the audit procedures performed to test the methodology, assumptions and data inputs used in ECL calculations, including in relation to significant increase in credit risk criteria and macro-economic and other overlays.
  • Investment valuation: Insufficient audit procedures to challenge the accounting treatment for unlisted investments, and to test management’s valuation of these investments.
  • Impairment: Weaknesses in audit procedures performed to corroborate and challenge cash flow forecasts used in management’s impairment assessment of intangible assets.

2. Going concern

The FRC had findings in this area in 38% of the audits that they inspected (previous report: 37%), all of which were assessed as requiring improvements or significant improvements. Going concern continues to be an area of particular challenge for audit teams, with several of the entities the FRC inspected experiencing financial difficulties. Many of the FRC’s findings were linked to weaknesses in the rigour of the underlying going concern assessments and supporting evidence provided by management. It is vital that audit teams exercise appropriate professional scepticism when assessing and challenging management’s assessment of going concern. Examples of key findings include:

  • Insufficient procedures to test cash flow forecasts and to assess the impact of related sensitivities in the going concern model.
  • Inadequate procedures to evaluate the impact of breaches of loan covenants during the reporting period on the continued availability of cash resources from financing arrangements.
  • Insufficient procedures to assess the refinancing of debt, in a case where this was a key assumption in management’s going concern assessment.

3. Journal entry testing

The FRC had findings in this area on 69% of the audits that they inspected (previous report: 31%), of which the majority were assessed as requiring improvements or significant improvements. The increase in the number of audits with findings in this area reflected the FRC’s inspection focus on fraud and on the audit of journal entries as a key response to the fraud risk of management override of controls. Many of the findings that the FRC had identified related to weaknesses in the planned audit approach and the linkage of this to the audit team’s fraud risk assessment. The design of the audit approach and executed procedures should be appropriately robust and responsive to the potential fraud risks identified. Examples of key findings include:

  • Weaknesses in the fraud risk assessment performed by the audit team, which informed the selection of journals for testing.
  • Insufficient or no procedures performed to test journals that were identified as meeting fraud risk criteria.
  • Insufficient procedures to test the completeness of journal entry listings obtained from management.

4. Other findings resulting in lower quality assessments

Key findings in the following areas also supported the FRC’s lower quality assessment of individual audits:

  • Revenue: On two audits that the FRC inspected, insufficient procedures had been performed to respond to audit risks identified related to revenue accuracy, completeness and/or cut-off.
  • Accounting errors: On an audit that the FRC had assessed as requiring significant improvements, inadequate procedures had been performed to assess the accounting treatment for an acquisition occurring during the period. As a result, a material accounting error was not identified by the audit team.

5. Examples of good practice the FRC observed in 2022/23

  • On one audit, the effective use of bespoke data analytic tools as part of a robust audit approach over lease accounting.
  • On another audit, the engagement of specialists to support the audit team’s evaluation of management’s going concern assessment and related financial statement disclosures.

The FRC encourages audit teams to refer to the What Makes a Good Audit publication  which includes best practices observed during inspections.

Review of quality control procedures

During 2022/23, the FRC inspected the quality control procedures at seven (out of 11) firms inspected. Their inspection programme covered each area set out in International Standard on Quality Control (UK) 1 (ISQC (UK) 1): Leadership, compliance with ethical requirements, acceptance and continuance procedures, human resources, engagement performance and monitoring. As well as reviewing a firm’s system of quality control, the FRC also evaluate samples of the application of individual policies and procedures (usually as part of the review of individual audits). For 2022/23, the FRC performed their inspection based on the policies and procedures the firm had in place on 30 September 2022.

The following themes reflect the FRC’s most common inspection findings in relation to firms’ quality control procedures.

1. Human resources

The FRC had findings across the human resources component of ISQC (UK) 1 at all seven of the firms inspected, with numerous key findings at the majority of firms. Recruitment, performance management and reward processes are key to creating and maintaining a culture and environment that supports high quality audits. Examples of key findings include:

  • Lack of a formalised appraisal process for partners in the audit practice.
  • Where a formalised appraisal process was in place, the lack of linkage between audit quality and reward.
  • Lack of a competency framework for staff and partners in the audit practice.

2. Engagement performance

The FRC had findings in this area at five of the seven firms inspected. Many firms do not have formalised procedures to lock down and appropriately archive audit files in line with the requirements of auditing standards. Consequently, most of the FRC’s inspections were performed on files which had not been appropriately archived. The FRC expects firms to take immediate action to implement appropriate archiving procedures. Examples of key findings include:

  • Shortcomings in processes for the archiving of audit files in line with the requirements of the auditing standards.
  • Insufficient measures to ensure that working papers added after the date of the auditor’s report, but before the date the file was archived, are logged and the reasons for their addition are recorded.
  • Inadequate controls to prevent or detect inappropriate edits to an audit file after being archived (and the FRC identified such edits in one audit).

3. Compliance with ethical requirements

The FRC had findings in this area at five of the seven firms inspected. Some firms do not have formalised procedures to deal appropriately with ethics-related matters. The FRC’s Revised Ethical Standard 2019 requires additional measures to be implemented by firms over and above those required by ISQC (UK) 1. Examples of key findings include:

  • Insufficient measures to ensure ethics and independence consultations are formally completed and documented.
  • Inadequate processes to monitor audit and non-audit fees.
  • Absence of appropriate ethical walls between accounting and audit functions.
  • Lack of formalised processes to monitor gifts, hospitality and entertainment.
  • Inadequate measures to monitor and address audit partner rotation and long association.

4. Acceptance and continuance procedures

The FRC had findings in this area at four of the seven firms inspected.

Robust acceptance and continuance procedures are essential in ensuring that a firm’s audit portfolio is within its capacity and capability to perform high quality audits. Examples of key findings include:

  • Lack of a policy and formal process, driven by a risk-based assessment, for accepting new clients and re-accepting existing clients.
  • Failure to consider appropriately factors such as staff availability, profitability and recovery rates, reputational risks, potential conflicts, requirements relating to regulated entities or the need for specialist skills.

5. Internal quality monitoring

The FRC had findings in this area at three of the seven firms inspected that were subject to firm quality control inspection. It is important that a firm’s quality monitoring function is independent of the audit function and that appropriate root cause analysis is performed to understand how deficiencies have occurred. Examples of key findings:

  • Inappropriate grading of files subject to monitoring reviews.
  • Failure to communicate thematic findings to the wider audit practice.
  • Lack of appropriate guidance on how to perform root cause analysis.
  • Insufficient identification of themes, which indicated that additional training or supplemental methodology guidance is required.

6. Examples of good practice the FRC observed in 2022/23

  • Where a firm’s leadership takes an active interest in driving audit quality, the FRC see improvements in audit quality in the files inspected.
  • Firms with robust client acceptance procedures are able to make better informed decisions on resources required to perform high quality audits.

Audit firms are encouraged to focus on the implementation of ISQM (UK) 1 and ISQM (UK) 2 which came into effect on 15 December 2022.

Our cookie policy

ICAS.com uses cookies which are essential for our website to work. We would also like to use analytical cookies to help us improve our website and your user experience. Any data collected is anonymised. Please have a look at the further information in our cookie policy and confirm if you are happy for us to use analytical cookies: