The main objectives of the Financial Reporting Council’s sanctions policy are to improve audit performance, protect the public from sub-standard work, maintain market confidence and uphold proper auditing standards. The policy emphasizes, however, that its purpose is not to punish, but to protect the public through deterrence.

I find this illogical: if a firm’s failure to uphold standards leads to a finding of misconduct, and a multi-million pound fine is imposed by an enforcement tribunal of the FRC, can the firm really say “we have not been punished, but have helped to protect the public”? Much of the FRC’s wordplay is meaningless and creates even more confusion than already surrounds its sanctions policy, including its arcane methodology for determining the size of monetary penalties.

Do sanctions raise standards?

But are the FRC’s sanctions, however determined, effective in raising standards of public company audits? This cannot be answered without any objective measure. My own suspicion is that Big-4 firms could accommodate financial penalties even higher than those currently imposed, and hence that a non-financial penalty, such as the humiliation of reputational damage, is therefore likely to be more effective.


putting a spotlight on the lapse


Being of a non-financial nature it avoids the ridiculous game of attempting to infer the seriousness of an auditing misdemeanour by measuring a prospective fine against past fines, and rather puts a spotlight on the lapse itself and the role played by named individuals in the hierarchy of audit responsibility.

Attendant publicity, plus the “optional extras” of enforced corrective training and suspension of both the right to sign audit reports and the right to take on new audit work, followed by client desertion in extreme cases, are surely formidable deterrents.

KPMG’s recent South African escapades provide a graphic illustration. Predictably, the firm’s acceptance of audit work for the infamous Gupta brothers ended in ignominy. It led ultimately to the enforced resignation of KPMG’s senior South African auditing hierarchy, and being dropped by audit clients and government agencies citing “reputational risk” as their reason.

The firm’s own internal investigation identified “work that fell considerably short of KPMG’s standards”. The head of South Africa’s Revenue Service declared his wish to blacklist the firm for “unethical” and “unlawful” behaviour and threatened to report it to the country’s finance minister.

No monetary fine can compete with that for “deterrence”! Nor is KPMG alone in the matter of public shaming. Scandals galore amply cover all members of the Big-4 – not in glory, but in shame.


What it’s really about


audit work doubling as a marketing exercise


The absence of conflicting interests is implicit in true independence. Yet, as long as the law permits public company auditors to undertake the provision of lucrative non-audit services, that conflict exists, whatever they tell you. When audit work doubles as a marketing opportunity for other services, neither genuine scepticism nor full and rigorous impartiality is possible, and the only effective antidote to this insidious threat is to separate public company auditors and service providers in general, and keep them apart.

Any readers who believe that the FRC’s ethical guidance already restricts the ability of auditors to provide other services to audit clients should look again. In my ‘Comment’ last August I highlighted the pathetic muddle in the FRC’s revised ethical standard. While purporting to limit the categories of non-audit work that auditors may undertake for audit clients, the standard fudges the issue by creating a catalogue of subjectively judged exceptions, riddled with ambiguity and conflicting terminology.

How, then, do major firms reconcile the respective risks of (i) affirming going concern status for a company effectively in the throes of rigor mortis; and (ii) scaring off potential new clients by appearing to be too tough on a company that might merely be experiencing a temporary “touch of the shorts”?

Experience suggests that risk (i) above is preferred. The published findings on KPMG’s 2007 audit of HBOS highlight what happens when, instead of rigorously evaluating the worth of the company’s “non-performing” loans and investments (£50 billion of which proved to be worthless), an auditor is excessively credulous in assuming that the “market” will somehow save the company from its “temporary” liquidity glitch before impending doom arrives – and thereby concludes that the company is a going concern after all.