20 External financial audit

Need to know

All UK companies except dormant companies (see Chapter 21 Information in the public domain) must prepare financial statements. However, not all these companies require an audit. As part of the government’s drive to reduce the administrative burden on business, companies that are ‘small’ are exempt from requiring an audit (see Chapter 21 Information in the public domain).

According to the Federation of Small Businesses, at the start of 2020, there were 5.94 million small businesses (with 0 to 49 employees) in the UK. This covers 99.3% of all private sector businesses. However, many of these small companies may still request an audit each year, even though they are not legally required to do so. Commercial requirements, imposed for example by banks as part of their lending criteria, may necessitate companies engaging auditors despite the legal exemption. Research commissioned by the government also reveals that there are still many businesses that are unaware that they are entitled to an exemption.

Why and when is this important?

While an audit provides no guarantee that the numbers are correct, it gives credibility to financial statements by providing independent assurance on the numbers and disclosures.

The audit report is prepared solely for a company’s shareholders (‘members’) as a body rather than any individual shareholder. Other interested parties known as ‘stakeholders’ (lenders, creditors, etc.) should note this scope limitation.

Misunderstandings relating to the statutory audit are still commonplace and are collectively referred to as the ‘expectations gap’. This is the difference between what readers consider to be the purpose and remit of an audit and the reality. Some of the common misconceptions are covered below.

Fraud

Fraud is intentional deception with a view to gaining personal advantage.

If company directors (or other employees) wish to perpetrate fraud by, say, hiding or manipulating transactions then they may have a good chance of success as the auditors may not be able to uncover carefully concealed frauds. Directors rightly have primary responsibility to report company results faithfully and are also responsible for preventing and detecting fraud and error in the company. Investors often wrongly believe that the auditors are responsible for fraud detection.

Auditors can, however, be held legally liable where they have actively conspired with company directors to defraud investors. They can also be sued for breach of contract where they have not carried out the audit properly and might otherwise been expected to spot significant fraud. Auditors may also face liability for negligence if they do not exercise due care in the conduct of the audit. As regulated professionals, they can also face disciplinary action by their professional body (e.g. ICAEW, ACCA) when they have failed to demonstrate competence and due care.

Who is ultimately responsible or to what extent is an ongoing issue that resurfaces each time a major corporate fraud is uncovered. For example, in 2020, Wirecard, a German payment processor and financial services provider, filed for insolvency after the auditors refused to sign off the audit report on the company’s 2019 financial statements. The auditors (who were incumbent auditors over many years) accused their client of an elaborate and sophisticated fraud. However, the investor community pointed the blame at the auditors for failing to uncover discrepancies that should also have been apparent in earlier years. The German Finance Minister also raised concerns about the role of auditors and regulators in failing to uncover the fraud.

This case is only one in a long list of corporate failures in which the role and effectiveness of audit has been questioned. In response to concerns, in 2021, the UK government launched a consultation on wide-ranging reforms aimed at modernising the UK’s audit and corporate governance regime. The Business Secretary set out the purpose of the consultation by stating that ‘major new reforms to the UK’s audit regime will aim to safeguard British jobs, avoid company failures and reinforce the UK’s reputation as a world-leading destination for investment’

Errors

Errors (in contrast to fraud) are the result of unintentional mistakes. For example, a bookkeeper may inadvertently allocate a receipt to the wrong customer account.

Reasonable assurance (not a guarantee)

Given the sheer number of transactions a typical business undertakes and the scope for directors to manipulate transactions, a statutory audit can only ever provide ‘reasonable assurance’ that the financial statements do not contain mistakes, i.e. an audit provides no guarantee against fraud or errors.

This is in part because auditors typically only sample-check transactions when forming their opinions, which means that there is always a risk of errors remaining undetected. Consider, for example, the volume of transactions (loans, deposits, cash withdrawals, inter-branch and worldwide activity) relating to Barclays bank during the course of a single day (let alone a year!) and it should be quite clear why it would be impossible to check the authenticity of every transaction occurring at every branch of Barclays for the year.

While today’s use of sophisticated programming tools and data analytics now enable audit firms to carry out audit testing over entire populations of data, the risk of fraud remains due to the inherent threat of deception by management.

Going concern

Financial statements are prepared on the presumption that a company will continue operating into the future. This is known as going concern. Going concern refers to a period of at least 12 months from the date of approval of the financial statements. Directors are required to review the period ahead to consider whether the company will be able to continue operating. Auditors, in turn, are required to consider whether the directors’ assessment is appropriate (see Chapter 25 Insolvency and going concern risk). However, as the future is never certain, this assessment should not be seen as providing a guarantee of the future financial health of the company. The impact of sudden or unforeseen external events, such as the Covid-19 pandemic, cannot be anticipated. As events have shown, many businesses, including well-known high street names, were forced to cease trading within a short period of time, despite directors and auditors concurring that the business was a going concern only a few months earlier.

A focus on the past (with very limited focus on the future)

An audit primarily focuses on checking transactions relating to past activity with only a limited focus on the future (i.e. going concern review). The financial statements are historic in nature, i.e. they report on what has happened rather than forecast what is likely to happen. The focus on historic performance enables auditors to obtain reliable and verifiable evidence to validate past transactions. Audits cannot for obvious reasons provide assurance about future performance, as there is no reliable evidence that can prove a future that has not yet happened.

The auditor will, however, review the assumptions used by directors in arriving at their conclusion that the going concern basis of preparation is appropriate, based on the information available at that time. It is the responsibility of company directors to satisfy themselves that their strategy is appropriate and that the business is financed adequately to continue operating into the future (see Chapter 25 Insolvency and going concern risk).

In practice

Banks, lenders, creditors, shareholders and investors place value on independently audited financial statements, despite the limitations of an audit.

Banks, for example, will typically require audited company accounts as a pre-condition to advancing a loan and require annual audits for the duration of the loan agreement. Where an organisation is seeking to obtain new loan funding, a history of audited financial statements can provide the lender with a higher level of assurance than unaudited statements.

Similarly, where an investor is choosing between different potential companies to invest in, the company with a history of audited accounts may be assessed to be a more credible investment opportunity.

An independent review of the financial statements by an auditor will also provide some comfort to directors, especially where they have not been involved in the detailed preparation of the numbers. Accounts are typically prepared by the company’s finance department so their review by an impartial auditor may highlight errors or system weaknesses that might otherwise have gone undetected.

Companies looking to supply services to the public sector will likely go through a strict tender process, which includes a requirement to provide audited financial statements.

Nice to know

True and fair

There is no formal definition of true and fair even though it is a legal term. It is interpreted to mean that the accounts are free from material misstatements and faithfully represent the historic financial performance and position of the entity.

Determining whether financial statements are true and fair is ultimately a professional judgement left to auditors, although checking that the financial statements comply with accounting standards and company law are relevant considerations.

Materiality

Materiality is a core concept in auditing. It helps the auditor to direct their effort towards identifying and testing significant transactions or account balances rather than all balances. It is also used to determine whether any discrepancies identified during the course of the audit need to be corrected or adjusted.

A materiality level or threshold is set at the start of every audit. This is typically a numerical value related to the profit and assets of the business being audited. For example, a materiality threshold of 5% of profit before tax may be set as a profit materiality level and 1% of total assets as a balance sheet materiality level.

Transactions or account balances larger than these numerical thresholds would be classified as material and therefore scrutinised by the auditor. In addition, where the auditor identifies an error greater than the materiality threshold, they will notify the directors that the financial statements should be adjusted to correct for the error. If the company refuses to adjust, the auditor would qualify their report (see below).

Internal audit

Larger companies typically have their own internal audit function. Internal audits differ in nature, purpose and scope to an external audit.

The scope and purpose of an internal audit is determined by the company and work may be undertaken by staff employed by that company. The focus of internal audit typically includes testing (and making recommendations for improvements to) the company’s systems and controls, fraud investigations, and seeking efficiency improvements.

External auditors, while not required to make use of the work of internal auditors, may seek to rely on their work, although this must be restricted to non-judgmental areas, i.e. areas considered low risk by the external auditor.

Optional detail

Audit modifications

Modifications arise in audit reports when the auditor does not agree with some aspect of the financial statements. Modifications depend on the nature of uncertainty or disagreement and the significance of the matter. The nature of the modification leads to different opinions, which are described further below as ‘qualifications’, ‘adverse’ or ‘disclaimer’ opinions.

Qualifications

With a qualified opinion the auditor is basically stating that there are, or could be, material (i.e. important or significant) misstatements, although these are confined to one or a few specific elements (e.g. numbers or disclosures) in the financial statements.

An auditor will issue a qualification in their audit report when there is:

• 1Disagreement: when the financial statements include a matter that does not comply with generally accepted accounting practice, although the rest of the financial statements are fairly stated. For example, if the accounts do not include the depreciation expense related to motor vehicles, the profit and loss account will overstate profit.
• 2Uncertainty: where the auditor has been unable to obtain sufficient appropriate evidence about a specific matter in the financial statements, although this limitation in scope does not apply to the rest of the audit. For example, if the auditor was unable to obtain sufficient evidence to confirm physical quantities of stock held by the business at its year end, there will be uncertainty over the stock balance included in the accounts (see Chapter 11 Stock).

The auditor would issue a qualified opinion by including a ‘Basis for Modification’ section to the audit report to explain the matter(s) giving rise to the modification.

The audit opinion paragraph will include the words ‘except for’ or ‘except for . . . might’, to highlight the disagreement or uncertainty in each specific area of the financial statements. These words are used to indicate that, except for the specific matters being referred to in the audit report, the financial statements give a true and fair view.

Adverse opinion

An adverse opinion is a severe (pervasive) form of disagreement and is issued when the disagreement is so significant that the financial statements as a whole are not true and fair. For example, where a company has prepared accounts on a going concern basis but the auditor has concluded that the basis of preparation is not appropriate, they will state in their opinion that the financial statements ‘do not give a true and fair view’.

Disclaimer

A disclaimer is a severe (pervasive) form of uncertainty. It results in an auditor being unable to form an audit opinion. For example, where financial information has been destroyed or cannot be retrieved, the directors will be unable to provide the auditor with information and explanations they require to undertake the audit. In this situation, the auditor is unable to complete the audit and therefore does not express an opinion on the financial statements.

If there is a management-imposed limitation on the scope of the audit that the auditor concludes could be pervasive, where practicable and possible under applicable law or regulation, the auditor should withdraw from that audit. This might arise, for example, where the directors refuse to provide information or explanations that the auditors require to undertake their work.

Going concern

(See also Chapter 25 Insolvency and going concern risk)

Company accounts must include a statement setting out the directors’ judgements about the ability of the company to continue operating into the foreseeable future (at least 12 months from the date of approval of the financial statements). Directors state whether it is considered appropriate to continue preparing the financial statements on a going concern basis.

This statement is reviewed by auditors and referenced in the audit report. Where the auditor concurs with the directors’ disclosure, then there are no changes necessary to the audit report.

However, where directors raise doubts about the viability of the business, they need to explain the uncertainty in the financial statements. For example, a company may be subject to a significant lawsuit and this could affect its future ability to continue in business. In this situation, the directors would be required to make further disclosures, including details of the lawsuit and its potential adverse impact on the continuity of the business. Where the auditor agrees with the adequacy and accuracy of these disclosures, the audit report would be unqualified. However, it would contain an additional ‘emphasis of matter’ paragraph to highlight the existence of the uncertainty. The inclusion of this paragraph within the audit report is designed to draw the readers’ attention to the material uncertainty.

Should the auditors disagree with the directors’ disclosures regarding going concern, they will issue an adverse opinion (see above).

Reflect and embed your understanding

• 1Directors are legally responsible for preparing the financial statements of the company, yet auditors are often blamed by investors for failing to find fraud in financial statements.
  • aWhy is this?
  • bShould directors and auditors share responsibility for fraud detection?
  • cIf so, in your view, should they share this responsibility equally or otherwise?
• 2Small companies are not required to have an annual audit. Given the benefits an audit can bring, should all companies, large and small, be subject to audit?
• 3Consider the following scenario for an example organisation. If the auditors disagreed with the directors with regard to a material matter and this led to an audit qualification, what would your reaction be, as a shareholder, in terms of confidence or trust in that organisation’s leaders?
• 4Consider doing an online search for UK companies that have received modified audit opinions from their external auditors within the last 5 years.
  • aHow many companies did you find?
  • bDid you expect more or fewer companies with modified audit reports?
  • cWhat conclusions, if any, can you draw from this?

For the authors’ reflections on these questions, please go to financebook.co.uk

Where to spot in company accounts

The audit report is included in the annual report and accounts. It is addressed to the members of the company.

Extract from Greggs plc 2020 Audit Report included within the Annual Report and Accounts 2020 (p. 104)

INDEPENDENT AUDITOR’S REPORT

TO THE MEMBERS OF GREGGS PLC

1 Our opinion is unmodified

We have audited the accounts of Greggs plc (‘the Company’) for the 53 week period ended 2 January 2021 which comprise the consolidated income statement, consolidated statement of comprehensive income, balance sheets, statements of changes in equity, statements of cashflows, and the related notes, including the accounting policies.

In our opinion:

• –the accounts give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 2 January 2021 and of the Group’s loss for the period then ended;
• –the Group accounts have been properly prepared in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006;
• –the Parent Company accounts have been properly prepared in accordance with international accounting standards in conformity with the requirements of, and as applied in accordance with the provisions of, the Companies Act 2006; and
• –the accounts have been prepared in accordance with the requirements of the Companies Act 2006 and, as regards the Group accounts, Article 4 of the IAS Regulation to the extent applicable.

Basis for opinion

We conducted our audit in accordance with International Standards on Auditing (UK) (‘ISAs (UK)’) and applicable law. Our responsibilities are described below. We believe that the audit evidence we have obtained is a sufficient and appropriate basis for our opinion. Our audit opinion is consistent with our report to the Audit Committee.

We were first appointed as auditor by the Company before 1984. The period of total uninterrupted engagement is for more than the 37 financial years ended 2 January 2021. We have fulfilled our ethical responsibilities under, and we remain independent of the Group in accordance with, UK ethical requirements including the FRC Ethical Standard as applied to listed public interest entities. No non-audit services prohibited by that standard were provided.

Overview
Materiality: Group accounts as a whole	£5.0m (2019: £5.0m)
Coverage	100% (2019:100%) of Group loss (2019: profit) before tax
Key audit matters		vs 2019
Recurring risks	Valuation of defined benefit pension obligation
Event driven	New: Going Concern	▲
	New: Recoverability of company-managed shop Property, plant and equipment and right-of-use assets	▲

Key audit matters: our assessment of risks of material misstatement

Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the accounts and include the most significant assessed risks of material misstatement (whether or not due to fraud) identified by us, including those which had the greatest effect on: the overall audit strategy; the allocation of resources in the audit; and directing the efforts of the engagement team. We summarise below the key audit matters, in decreasing order of audit significance, in arriving at our audit opinion above, together with our key audit procedures to address those matters and, as required for public interest entities, our results from those procedures. These matters were addressed, and our results are based on procedures undertaken, in the context of, and solely for the purpose of, our audit of the accounts as a whole, and in forming our opinion thereon, and consequently are incidental to that opinion, and we do not provide a separate opinion on these matters.

Consolidate and apply

To see how the concepts covered in this chapter have been applied within Greggs plc, review Chapter 36, p. 407.

Watch out for in practice

• →Modified audit opinions and reason(s) for modification.
• →Note, audit qualifications are quite rare in practice, as errors identified during the audit will very often be corrected by directors by making required adjustments to the financial statements.
• →Where an audit report for a company is modified, it is important to read through the audit report to understand the reasons for the qualification, i.e. whether the qualification has arisen because of a disagreement with the directors or because of an uncertainty such as the non-availability of evidence to confirm a transaction or balance.
• →Qualifications highlight auditor concerns with information presented in financial statements and the directors will therefore likely be required to defend their position in the face of questions from shareholders and other stakeholders. Look out for director disclosures in such circumstances.
• →Whether a qualification has impacted share price negatively? (A number of studies from around the world suggest there is little evidence of a share price effect when accounts with qualified audit reports are published.)