The FRC has recently sanctioned KPMG in respect of the latter’s audit of an investment company, Foresight 4 VCT plc (“Foresight”). The approach to sanctions is a departure from previous decisions and we comment on possible lessons to be learned below.

The findings

The issues themselves concerned a failure to obtain sufficient appropriate audit evidence (ISA 500), and a failure to set out sufficient audit documentation (ISA 230).

The audit strategy memorandum stated that the audit team planned to obtain evidence of share capital balances by inspecting documents submitted to Companies House. The Decision Notice notes the audit team did not do so and as a consequence the Respondent did not identify the cancellation of the share premium account and capital redemption reserve or the misstatement of these balances and the profit and loss reserve in the FY2013 financial statements. These errors were carried forward to the FY2014 and FY2015 financial statements until the figures were restated in FY2016.

The Decision Notice concluded the misstatements could have harmed investor, market and public confidence in the truth and fairness of the financial statements but also noted these breaches did not:

• impact Foresight’s profits or net asset value for any financial year; or
• adversely, or even potentially adversely, affect a significant number of people in the United Kingdom; and
• were neither intentional, dishonest, deliberate nor reckless.

Sanctions

An adverse finding in relation to an admitted error which had no immediate consequences for the public at large is noteworthy in itself. However, what is more remarkable about this Decision Notice is the approach which FRC Enforcement has taken to sanctions:

• While KPMG received a reprimand, there was no fine whatsoever (just an agreement to pay the FRC’s costs of c.£49,600).
• No audit partner was publicly named.
• FRC’s Executive Counsel required KPMG to “monitor its audit teams’ adherence to its audit procedure on company capital and distributions … such procedure having been put in place since the breaches occurred” ie. to monitor the effectiveness of remediation undertaken by the firm and to report to the FRC on the results of this monitoring afterwards.

Comment

There are some general lessons for all audit practices:

• This is a further statement of intent from the FRC to see an improvement in audit standards, and audit firms must increasingly resign themselves to being investigated and sanctioned for any breach of the standards.
• On a more positive note for audit firms, for one off or less serious breaches of relevant requirements, a fine (and the naming of the audit partner) may now be avoided, particularly if the FRC considers there is sufficient cooperation, contrition and remediation on the part of the audit firm.
• Training must ensure audit teams follow the audit strategy memorandum to the letter. Here, the relevant audit procedures, which were not followed, concerned checking Companies House filings by the audit client. The second partner review “four eyes” safeguards, which are now standard for all large audit firms, should in theory ensure such mistakes are a thing of the past.
• Audit documentation on the file must be sufficient to enable an experienced auditor, with no previous connection to the audit, to understand the matters concerned. This is an important issue for the FRC. The FRC’s forensic team will literally be that hypothetical ‘experienced auditor’ looking at the file with fresh eyes. It is always worth taking a step back before signing off the file and asking whether this Relevant Requirement has been met.
• Remediation ensuring improved audit standards within the audit practice going forward is absolutely key; it will reduce, or as shown by this decision, even avoid, fines being imposed. 

The monitoring element of the sanctions package is especially interesting and we would be curious to see how the Executive Counsel works together with the FRC’s supervision function ‘AFMAS’ (‘Audit Firm Monitoring and Supervision’).

Postscript

It is tempting to speculate on the FRC policy decision behind the Foresight Decision Notice. FRC enforcement outcomes typically turn on their own facts and reflect the specific settlement dynamics at play, so we are wary of going too far in our predictions. However, there is a shared interest between the regulator and the audit firms in working together to drive up standards, and maybe there will be an increased willingness to approach disciplinary investigations with this in mind, and a departure from the previous focus of sanctions on deterrence. There is logic in doing so; most breaches of standards, even quite serious breaches, are caused through human error, are not deliberate and sanctions based upon deterrence and punishment can only go so far in achieving the shared goal of improving audit standards. There is also a strong case for reserving weightier sanctions for more serious cases, not only as a matter of natural justice (fairness is key to any regulation) but to prevent the currency of fines and ‘severe reprimands’ becoming devalued.