The International Forum of Independent Audit Regulators (IFIAR) has issued seven Core Principles for independent audit regulators. The Core Principles are divided between the structure of audit oversight and the operations of audit regulators. While the Core Principles are not binding, IFIAR Members are encouraged to comply with the Core Principles in their own jurisdictions. PCAOB Board Member Dan Goelzer is currently vice chair of IFIAR, which is chaired by Paul George, Director of Audit at the UK’s Financial Reporting Council.
The first three principles are structural in nature, Principle 1 is that the duties and powers of audit regulators should serve the public interest and be clearly and objectively stated in legislation. The legal framework for audit oversight should set forth the audit regulator’s mandate and duties, noted the Forum, and provide the regulator with adequate authority enabling it to perform audit oversight duties, including the power to address, through inspection and enforcement, compliance with the requirements for the registration of audit firms and compliance with applicable auditing, professional and independence standards.
Principle 2 is that audit regulators should be operationally independent with the ability to undertake regulatory activity and take and enforce decisions without external interference by those regulated. The audit regulator should be operationally independent from external political interference and from commercial interests in the exercise of its functions and powers, said IFIAR, including not being controlled in its governance by audit practitioners. The audit regulator should have a stable source of funding, free from influence by audit firms and sufficient to execute its powers and duties.
Principle 3 is that audit regulators should be transparent and accountable in order to maintain their integrity and credibility. Further, the decisions and actions of the audit regulator should be subject to appropriate scrutiny and review, including appeal to a higher authority. Transparency should include the publication of annual work plans and activity reports, including the outcome of inspections either in the aggregate or on a firm by firm basis.
The remaining four principles are operational. Under Principle 4, audit regulators should have comprehensive enforcement powers, including the capability to ensure that their inspection findings or recommendations are addressed. The enforcement powers should include the ability to impose a range of sanctions, including, for example, fines and the removal of an audit license and registration.
According to IFIAR, audit regulators should at a minimum be responsible for the system and conduct of recurring inspection of audit firms. Audit regulators should have the authority and ability to enforce inspection findings and recommendations, emphasized the Forum, and should have comprehensive enforcement arrangements such as fines, suspensions and the removal of an auditor’s or audit firm’s license or registration. Audit regulators should have adequate and appropriate mechanisms for enabling information to be brought to their attention by third parties and for dealing with such information, such as through complaints procedures or through whistle blowing arrangements. These mechanisms should act in a timely and effective manner and their results followed up through a system of investigations and penalties in relation to cases of inadequate or noncompliant execution of an audit.
Pursuant to Principle 5, audit regulators should have arrangements in place to ensure that inspection staff members are competent and independent. These arrangements will, as a minimum, include ensuring that staff members should not be practicing auditors or employed by or affiliated with an audit firm, and that the arrangements are not controlled in any form by a professional body.
In order for audit regulators to be effective, it is a prerequisite that there is sufficient staff of appropriate competence. The persons carrying out the reviews of quality assurance systems of audit firms should have appropriate professional training and relevant experience in auditing and financial reporting, and training in regulatory quality assurance reviews. This also means establishing adequate arrangements for consultation and discussion amongst inspectors. New inspectors should be subject to proper supervision and training.
Principle 6 provides that audit regulators should be objective, free from conflicts of interest, and maintain appropriate confidentiality arrangements. This means, said IFIAR, that audit regulators should maintain the highest standards of ethical conduct to provide the public with confidence in the objectivity of their decisions. Audit regulators should have in place prohibitions against conflicts of interest by its governing body and staff and ensure that arrangements are in place to protect confidential information from public dissemination.
Finally, pursuant to Principle 7, audit regulators should arrange for cooperation with other audit regulators and, where relevant, other third parties. The Forum reasoned that, taking into account the global nature of the financial markets, where necessary and relevant, cooperation and information sharing with other audit regulators and other third parties, including financial market regulators, is helpful to improve audit quality.