By James Hamilton, J.D., LL.M.
The wide-ranging project to draft a governance code for audit firms has drawn a range of comment in the wake of a consultation published by the Audit Form Governance Working Group. The process is being overseen by the UK Financial Reporting, which has oversight of the audit of listed companies. The twin goals of the code are to promote confidence in audit firms in their audits of corporate financial statements and reduce the risk of a firm exiting the audit market because it has lost public trust. Auditors of listed companies currently provide public information about governance of their firms in the transparency reports required by the EU Audit Directive.
The working group recognizes that audit firms have a primary duty to parties who transact with the firm to purchase the firm’s assurance service, which would be the board of the client company, particularly the audit committee, and the company’s shareholders. The working group’s position that there may be a duty to a wider group of stakeholders, such as creditors and employees, has met with some resistance from commenters who fear broader liability for the audit firm.
There is a growing consensus that effective risk management and internal controls are important factors and should be an integral part of strengthening audit firm governance and transparency. In a letter to the working group, the Independent Corporate Governance Network said that the CEO and CFO for an audit firm should both have to certify the effectiveness of their internal controls as well as their internal audit quality controls and processes. In addition, they should also be required to disclose their risk management practices and significant business risks that could affect their financial stability, capital and liquidity. In addition, the network believes that the Audit Firm Governance Code should focus on risk management and internal control of the firm as a whole, including its non-audit business.
Global audit firm networks have a number of affiliates and there is a question whether the code should apply to all members firms of the network. The governance group believes that one Audit Firm Governance Code should apply globally to every firm, and every affiliate within that firm that audits public companies. The issue should be one of scalability as appropriate for the size of the audit firm in question as opposed to whether or not the code should be applicable at all or at differing, lesser levels.
Te governance group also said that the code should contain principles covering an audit firm’s dependence on, and exposure to, the risks of other network members and how it ensures consistent quality and application of auditing standards. The group believes that the operating
procedures and governance of a firm should require it to disassociate itself from a firm or network of firms, when affiliates within the network are not required to maintain a quality control system that ensures high quality audits that provide investors reasonable assurance as to the accuracy of financial statements.