ICAEW.com works better with JavaScript enabled.

An Audit and Assurance Policy: are you in agreement?

16 September: ICAEW is looking for member views on the concept of a three-year rolling Audit and Assurance Policy, as recommended by the Brydon Report. We examine the initial results.

Three weeks ago, we launched our survey to get your insights on the proposal for a published Audit and Assurance Policy as part of a major new ICAEW project. We have been delighted to receive a diverse mix of inputs and insights from varying stakeholder groups. However, we want to ensure that all views are fully represented, so please help us by accessing the link below and completing the questionnaire.

Our initial analysis indicates there are areas of commonality in views, including a broad belief that this is an exercise that can create value, adding colour, credibility and transparency to the risk disclosures currently included in the Annual Report and Accounts. 87% of respondents to date believe this proposal will provide greater transparency over risk mitigation. 76% believe the proposal will increase the accountability of audit and assurance providers and 71% believe it will assist in reducing the perceived “expectation gap” when it comes to the role of the statutory audit.

However, there are challenges and diverse opinions on questions including:

- With no single definition of audit and assurance, how do we create clarity and transparency so users can understand the disclosures?

- Is this really a means to deliver greater confidence in future-orientated information?

- Given that much of the activity of assurance providers is in the form of assessments of controls, without binary outcomes, how do we represent this?

- Is it possible to provide information that is suitably succinct to create value for users, without it being boiler-plate and without breaching commercial sensitivities?

- Should the focus be on outcomes and whether the work of auditors and assurance providers is really indicating that risks are effectively mitigated, or should it be on the coverage of those activities?

- Can we include the work of internal teams conducting assessments of processes and controls or is it only appropriate to disclose the work of independent parties?

- Stakeholders already have volumes of information to read and digest: how do we provide this in a form that ensures it does not add to the bureaucracy without genuine value?

We have also identified several companies already attempting to draft an Audit and Assurance Policy in anticipation of this becoming a requirement. Perhaps yours is also? We would love to receive or discuss any examples.

Contributors have said this offers up a real opportunity to create greater understanding of how organisations mitigate risk, within their appetite levels. It represents a new level of transparency and opportunity for discussion between audit committees and broader stakeholder groups. 

Please take the opportunity to ensure your views are considered and included in our reporting by clicking the link below and completing the questionnaire.

Aligning Risk Reporting with Audit and Assurance: Questionnaire to Contribute to Policy Recommendations