All companies established in England and Wales (subject to limited exceptions, such as in the case of small or dormant companies) must, by law, have their annual accounts audited.
This requirement is likely well-known to EG readers, as is the fact that some statutory audits – and the audit profession in general – have attracted much press, regulatory and government criticism in recent times. This criticism has frequently come in the wake of unexpected corporate collapses or financial scandals that were not detected or foreshadowed in the relevant audits.
Without commenting on the quality of the audits that have garnered the headlines, what this recent attention has highlighted is that there is often a difference between what the wider “audience” of audited accounts may consider to be the nature and purpose of statutory audits and what is the case.
What is a statutory audit?
A statutory audit is a process, conducted by reference to published audit standards (ISAs), by which an independent auditor reports whether the accounts produced by the company show a true and fair view of the company’s financial position at a given date as asserted by the company’s directors. It is they – the directors – who remain responsible for the production and accuracy of the financial statements.
The auditor’s objective is to obtain reasonable assurance as to whether the financial statements as a whole are free from material misstatement – whether due to fraud or error – and to issue the auditor’s opinion in this regard.
Reasonable assurance is not a low threshold. However – and importantly – neither is it a guarantee of the absence of material misstatement in the financial statements.
This stands to reason given how audits must be conducted. The auditors could not – without prohibitive cost and time implications – check every transaction and financial aspect of the company. Instead, the auditors test by sample and process (and increasingly by data analysis) within the context and framework of the ISAs and accounting standards that the company’s directors have to comply with in preparing the accounts.
How does it work?
In order to ascertain what sampling and testing to carry out so as to achieve their objective, the auditors first plan their audit – identifying how the business operates, materiality thresholds and areas of risk of material misstatement (including fraud or error) in the context of the wider business environment and the company’s internal accounting procedures.
The sampling and testing – which the auditor must carry out in accordance with the ISAs while exercising professional judgment and scepticism – then seeks to determine whether there is any material misstatement in the accounts. Misstatements are material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.
Plainly, the risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting a material misstatement resulting from (mere) error, as fraud will likely involve actions specifically designed to prevent its detection. If the auditor fails to detect a fraud, then it is by no means axiomatic that they failed to meet the standard of care required in the conduct of the audit.
It is worth emphasising here that the audit is “for” the company and its shareholders as a whole. English law is quite clear as to whom an auditor owes (and does not owe) duties. In particular, the auditor does not, without some specific assumption of responsibility, owe duties to individual shareholders or investors (or anyone else) who might read or rely on the accounts in making investment decisions.
To support any conclusions that the financial statements are properly stated, the auditors need to obtain sufficient audit evidence through the audit process. If such evidence is not available it may result in the modification or qualification of the auditor’s opinion, or the inclusion of an “emphasis of matter” within the audit report which draws attention to a particular issue presented or disclosed in the financial statements.
This might be the case, for example, in the context of asset valuation where the auditor relied on a valuer’s report and that report was itself the subject of a material uncertainty clause (for example as a result of the impact of the Covid-19 pandemic).
Similarly, in the current environment, there may be a heightened concern over the ability of some tenants to pay rent when due. That in turn may impact the auditor’s assessment of the appropriateness of the use, by directors of a property company, of the going concern basis of accounting. This is all the more so where the company is highly leveraged.
It is always, therefore, essential in any situation to read carefully the audited financial statements, including the auditor’s opinion and the notes to the accounts, and to do so in the context of an understanding of the scope of what an audit is (and is not).
Key takeaway
Audit is a process designed for a specific (but limited) purpose. It is a process that takes place in the context of published audit standards, which is intended to give reasonable assurance about financial statements to a company and its shareholder body. The primary responsibility for the accuracy of financial statements, and indeed the way that the business of a company has been conducted, lies with its directors.
Jim Oulton is a partner and Mike Newham is counsel in the professional risks and insurance team at Mayer Brown International LLP
