ICAEW members have been in touch with the Audit and Assurance Faculty flagging requests to auditors in relation to going concern assessment periods.

These requests are often communicated by the audited entity, but originate with regulators, trade bodies and other parties outside the auditor-auditee relationship. 

Careful consideration of these requests is warranted. They have the potential to create a duty of care, particularly where auditors are asked to report explicitly on an extended going concern assessment period in the statutory audit or other report.

Going concern assessment periods

ISA (UK) 570 requires auditors to obtain sufficient appropriate audit evidence and conclude on the appropriateness of management’s use of the going concern basis of accounting in the preparation of financial statements. This assessment must cover at least 12 months from the date that the financial statements are approved. 

It has become increasingly common for entities to extend their own going concern assessments, going beyond 12 months to 15 months and more from financial statement approval.

This is often because regulators, trade bodies or other third parties are looking for direct or indirect comfort regarding the financial resilience of the audited entity. In many cases, they have a specific mandate to promote resilience.   

Paragraph 13-1 of ISA (UK) 570 makes clear that, no matter what period management covers, the auditor’s assessment must match it. The longer the period of management’s assessment, the more uncertain and unreliable the information upon which that assessment is based. 

The auditor must consider if, as well as how, sufficient appropriate audit evidence can be obtained to enable them to conclude on the appropriateness of management’s going concern assessment.

All of this entails additional work, greater auditor challenge, increased costs, and extra exposure to risk for the auditor in relation to the statutory audit.

Regulators, trade bodies or other third parties may ask that auditors extend their assessments. They may also ask that auditors explicitly state that they have done so in the statutory audit report, deviating from the standard wording.

In either case, it is at the very least possible that a duty of care to the third party might arise, particularly if the third party has a resilience mandate. This is regardless of Bannerman clauses in statutory audit reports, or other disclaimers or ‘non-reliance’ wording in associated documentation agreed between the company and the third party.

The auditor’s duty of care

The Audit and Assurance Faculty’s technical guidance on the audit report and auditor’s duty of care to third parties (Technical Release 01/03 AAF) makes it clear that auditors assume responsibility for the audit report to the audited entity’s members as a body in accordance with Chapter 3 of Part 16 of the Companies Act 2006.

The Bannerman wording was introduced into audit reports through Technical Release 01/03 to mitigate the risk that third parties might seek to rely on audit reports, asserting that auditors owe them a duty of care where things have gone wrong.

However, the Bannerman clauses may be overridden by actions which might be regarded as being inconsistent with the disclaimer.

Amathus Drinks Plc & Ors. v EAGK LLP & Ors (2023) demonstrated that auditors may owe third parties a duty of care in contract or tort, even in the presence of disclaimers such as Bannerman clauses. The conduct of the auditor is important to bear in mind. For instance, in this case – which included work outside of the statutory audit – there were direct and extensive communications between the auditors and the third party.

The third party specifying wording to be used in the audit report might also be seen as conduct suggesting an auditor assuming responsibility to that third party.

If auditors know, or can reasonably be expected to have known, that their work will be relied upon by a specific third party, the Bannerman wording may not be sufficient to prevent a duty of care arising.

This risk is particularly acute for auditors of entities in financial difficulties, or where they are dependent on the funding of just one or a few individuals or organisations.

Auditors may believe that Bannerman clauses are supposed to shield them against unintended reliance. However, if they know or should have known someone is going to rely on their report, it is unlikely to protect them.

Considerations for auditors facing requests

Ultimately, decisions regarding how requests for going concern assessment period extensions are dealt with rest with audit firms. In making such decisions, auditors may consider the following:

1. Reading ICAEW’s Technical Release 01/03 AAF.
2. Consulting internal technical, risk, and legal teams. 
3. Discussing auditors’ responsibilities relating to going concern under the auditing standards with management and those charged with governance of the audited entity to help clear up any misunderstandings. A separate engagement to cover any additional work needed over that required by the statutory audit may be appropriate, although that is even more likely to create a duty of care.
4. Exploring the possibility of a separate engagement directly with the third party to provide specific assurances to them. 
5. Seeking external legal counsel, if necessary. The need for specific legal advice is particularly acute where auditors find they are being asked to, or expected to, communicate directly with third parties in connection with the contents of the audit report.  

There is also potential to consider introducing some cautionary wording into the statutory audit report highlighting that the further into the future the going concern assessment extends, the greater the degree of uncertainty. 

However, firms are under no obligation to alter the wording of their audit reports at the request of a third party and, in some cases, it may be necessary to withdraw from an audit engagement when alternative routes to resolution are exhausted. 

In such cases auditors may be required under section 519 of the Companies Act to make a statement of circumstances to the entity, Companies House and the appropriate audit authority. The Financial Reporting Council has provided more detail about the process where an auditor ceases to hold office, with a flowchart that outlines what an auditor must do in different circumstances. 

If firms decide to proceed, management and those charged with governance of the entity being audited should be kept informed. 

In this context, it is worth remembering that the primary responsibility for ensuring that the going concern assessment is appropriate lies with directors.