Corporate governance and its impact on
audit practice
ACCA - https://www.accaglobal.com
The syllabus for P7 (INT), Advanced Audit and Assurance contains the
following learning outcome:
Outline and explain the need for the legal and professional framework
including:
i) public oversight of audit and assurance practice
ii) the role of audit committees and impact on audit and assurance practice.
Note: the syllabus and study guide for the UK adapted paper are worded
slightly differently in that they refer to the jurisdiction-specific Corporate
Governance Code. For both INT and UK and IRL adapted papers, the UK
Corporate Governance Code is included in the list of examinable
documents, as is the UK Financial Reporting Council Guidance on Audit
Committees (Revised September 2012) as examples of guidance on best
practice in relation to corporate governance principles and specific guidance
in relation to audit committees. For the SGP adapted exam, The Singapore
Code of Corporate Governance is the relevant code of best practice.
Candidates attempting P7 are expected therefore to be conversant with
corporate governance principles, many of which they will have seen in
previous exams F8, Audit and Assurance and P1, Governance, Risk and
Ethics. The focus in P7 is on the impact that corporate governance
principles and practice can have on the audit process, and this article
explores some of these issues.
Basic principles of corporate governance – a reminder
Corporate governance is the system by which organisations are directed
and controlled. It encompasses the relationship between the board of
directors, shareholders and other stakeholders, and the effects on corporate
strategy and performance. Corporate governance is important because it
looks at how these decision makers act, how they can or should be
monitored, and how they can be held to account for their decisions and
actions.
The published audited financial statements and related information are
therefore of key importance. They will usually be the main information set to
which shareholders and other stakeholders have access and this is why
having credible financial statements supported by the auditor’s opinion is
crucial.
Many regulatory authorities, including those in the UK, use a code of best practice,
often termed a ‘comply or explain’ approach to corporate governance. Under
this approach the regulatory authority issues a set of principles with which
company directors of listed companies are expected to comply. In many
jurisdictions disclosures are required in the financial statements to
demonstrate compliance. Non-compliance is not expected, but in its event,
the facts of the non-compliance must be clearly disclosed and explained.
In some jurisdictions, such as the US, a more prescriptive approach is used,
whereby corporate governance requirements are set by legislation. Both the
principles and the legislative approaches are broadly similar in the matters
they address. They both deal with the importance of the board of directors
having a balanced structure, emphasising the need for non-executive
directors, and for robust procedures in relation to the appointment of board
members, and their remuneration. They both describe the merits of audit
committees and the need to monitor the effectiveness of internal controls.
They both demand disclosure about these and other matters in the annual
report.
The main principles of the UK Corporate Governance Code
The content of the UK and Singapore Corporate Governance Codes is
very similar and for the purpose of this article the principles and provisions
of the UK Code will be used to highlight some of the key areas that the
board should consider when assessing their system of corporate
governance.
The Code comprises five sections, each containing main principles:
Leadership
Every company should be headed by an effective board which is collectively
responsible for the long-term success of the company, and should lead and
control the company’s operations.
There should be a clear division of responsibilities at the head of the
company, which will ensure a balance of power and authority, such that no
one individual has unfettered powers of decision.
Non-executive directors should constructively challenge and help develop
proposals on strategy. The board should include a balance of executive and
non-executive directors such that no individual or small group of individuals
can dominate the board’s decision taking.
Effectiveness
The board and its committees should have the appropriate balance of skills,
experience, independence and knowledge of the company to enable them to
discharge their respective duties and responsibilities effectively.
There should be a formal, rigorous and transparent procedure for the
appointment of new directors to the board. All directors should receive
induction on joining the board and should regularly update and refresh their
skills and knowledge.
All directors should be submitted for re-election at regular intervals, subject
to continued satisfactory performance.
Accountability
The board should present a balanced and understandable assessment of
the company’s position and prospects. For UK companies, this is also
required by the Companies Act 2006, which requires that the directors
disclose a business review as part of the directors’ report to be included in
the financial statements.
The board should maintain sound risk management and internal control
systems. The board should establish formal and transparent arrangements
for considering how they should apply the corporate reporting and risk
management and internal control principles and for maintaining an
appropriate relationship with the company’s auditor.
Remuneration
Levels of remuneration should be sufficient to attract, retain and motivate
directors of the quality required to run the company successfully, but a
company should avoid paying more than is necessary for this purpose. A
significant proportion of executive directors’ remuneration should be
structured so as to link rewards to corporate and individual performance.
Relations with shareholders
There should be a dialogue with shareholders based on the mutual
understanding of objectives. The board as a whole has responsibility for
ensuring that a satisfactory dialogue with shareholders takes place. The
board should use the Annual General Meeting to communicate with
investors and to encourage their participation.
The role of audit committees
The audit committee is such an important part of corporate governance that
it is the subject of its own guidance document in the UK, the Financial
Reporting Council’s Guidance on Audit Committees. The audit committee
should be made up of at least three independent non-executive directors,
one of whom should have recent and relevant financial experience. The
committee has many roles, including several that are specifically related to
the external auditor, which are discussed below.
Review of published financial information
The audit committee should monitor the integrity of the company’s financial
statements and any formal announcements relating to the company’s
performance. Significant financial reporting judgements should be
specifically reviewed. This means that committee members should
scrutinise all published financial information, and question and be ready to
challenge the finance director and external auditors on any contentious
matters arising.
Systems and controls
The audit committee members have responsibility to review the company’s
internal financial controls and systems, and the risk management systems,
unless there is a separate risk committee.
Most large companies have an internal audit function, in which case the
audit committee should extend its monitoring role to include that function,
including the evaluation of the effectiveness of that function.
Where there is no internal audit function, the audit committee should
consider annually whether there is a need for internal audit and make a
recommendation to the board, and the reasons for the absence of such a
function should be explained in the relevant section of the annual report.
Fraud prevention and detection
Finally, the audit committee plays a part in fraud prevention and detection in
that whistleblowing arrangements should be made so that staff of the
company may raise concerns about possible improprieties in respect of
financial reporting matters.
External auditors – general principles
The audit committee has specific responsibilities in respect of the external
auditors, including recommending the appointment, reappointment and
removal of the external auditor, approving fees paid for audit and non-audit
services, and agreeing on the terms of engagement with the external
auditor. A point specific to the UK adapted paper is that following a revision
to the UK Corporate Governance Code in 2012, there is now a requirement
for FTSE 350 companies to put the external audit out to tender every 10
years.
One of the key issues is that the audit committee should annually assess
the independence, objectivity and effectiveness of the external audit
process, considering the ethical framework applicable in the jurisdiction in
which the organisation is operating. The audit committee should report
annually to the board on their assessment with a recommendation on
whether to propose to the shareholders that the external auditor be
reappointed. The audit committee section of the annual report should also
discuss the annual assessment of the external audit process by the audit
committee and also include information on the length of tenure of the
current audit firm, when a tender was last conducted, and any contractual
obligations that acted to restrict the audit committee’s choice of external
auditors.
In relation to potential threats to objectivity, the audit committee should seek
reassurance that the auditors and their staff have no financial, business,
employment or family and other personal relationship with the company
which could adversely affect the auditor’s independence and objectivity. The
audit committee should seek from the audit firm, on an annual basis,
information about policies and processes for maintaining independence and
monitoring compliance with relevant requirements, including current
requirements regarding the rotation of audit partners and staff.
External auditors – the annual audit cycle
The audit committee should be involved at all stages of the audit, to obtain
comfort that a quality audit will be performed. The Guidance on Audit
Committees specifically requires the following to take place:
At the start of each annual audit cycle, the audit committee should ensure
that appropriate plans are in place for the audit. This includes consideration
of planned levels of materiality, and the proposed resources to execute the
plan, having regard also to the seniority, expertise and experience of the
audit team. In practice this means that before any audit fieldwork takes
place, the audit firm should meet with the audit committee to discuss the
audit strategy and audit plan, demonstrating that auditing standards and
quality control principles have been adhered to in their development.
The audit committee should review, with the external auditors, the findings
of their work. In the course of its review, the audit committee should discuss
with the external auditor major issues that arose during the course of the
audit and have subsequently been resolved and those issues that have
been left unresolved; review key accounting and audit judgements; and
review levels of errors identified during the audit, obtaining explanations
from management and, where necessary, the external auditors as to why
certain errors might remain unadjusted. The audit committee should review
and monitor management’s responsiveness to the external auditor’s findings
and recommendations. Thus, all key audit findings should be shared with
the audit committee and discussed with them as the audit progresses.
At the end of the annual audit cycle, the audit committee should assess the
effectiveness of the audit process, by:
- reviewing whether the auditor has met the agreed audit plan and
  understanding the reasons for any changes, including changes in perceived
  audit risks and the work undertaken by the external auditors to address
  those risks
- considering the robustness and perceptiveness of the auditors in their
  handling of the key accounting and audit judgements identified and in
  responding to questions from the audit committee
- obtaining feedback about the conduct of the audit from key people involved,
  for example the finance director and the head of internal audit
- reviewing and monitoring the content of the external auditor’s management
  letter (report to those charged with governance), in order to assess whether
  it is based on a good understanding of the company’s business and
  establish whether recommendations have been acted upon and, if not, the
  reasons why they have not been acted upon, and
- reporting to the board on the effectiveness of the external audit process.
In summary, the audit committee carefully monitors the conduct of the audit,
and plays an important part in ensuring the quality and rigour of the external
audit of the financial statements.
External auditors – provision of non-audit services
Specifically, the audit committee should develop and implement a policy on
the engagement of the external auditor to supply non-audit services, taking
into account the relevant ethical principles and requirements. The audit
committee’s objective should be to ensure that the provision of such
services does not impair the external auditor’s independence or objectivity.
The audit committee should consider:
- whether the skills and experience of the audit firm make it the most suitable
  supplier of the non-audit service
- whether there are safeguards in place to eliminate or reduce to an
  acceptable level any threat to objectivity and independence in the conduct
  of the audit resulting from the provision of such services by the external
  auditor
- the nature of the non-audit services
- the fees incurred, or to be incurred, for non-audit services both for individual
  services and in aggregate, relative to the audit fee, and
- the criteria which govern the compensation of the individuals performing the
  audit.
The audit committee should set and apply a formal policy specifying the
types of non-audit service:
- for which the use of the external auditor is pre-approved (i.e. approval has
  been given in advance as a matter of policy, rather than the specific
  approval of an engagement being sought before it is contracted)
- for which specific approval from the audit committee is required before
  they are contracted, and
- from which the external auditor is excluded.
One of the non-audit services specifically referred to in the Guidance on
Audit Committees is the provision of internal audit by the external auditor. If
the external auditor is being considered to undertake aspects of the internal
audit function, the audit committee should consider the effect this may have
on the effectiveness of the company’s overall arrangements for internal
control and investor perceptions in this regard.
Conclusion
Candidates preparing to attempt P7 should be familiar with the corporate
governance principles outlined in this article, and they are encouraged to
read the source documentation to obtain a full understanding of general
corporate governance principles and the role of audit committees in
particular. It is the impact of these matters on the audit process that is
particularly important to understand, and candidates should be ready to
include points relating to corporate governance in their answers where
appropriate.
Written by a member of the P7 examining team