Reporting in an ISA (UK) audit

Why is it important?

The FRC originally introduced changes to auditor reporting standards in 2014 in response to calls from investors and other users of audited financial statements for more informative and relevant audit reports. They also wanted greater transparency about the nature of the auditor’s work, with enhanced auditor reporting being seen to be critical to the perceived value of financial statement audit.

Subsequently, the IAASB issued its suite of new and revised auditor reporting standards and these requirements were then adopted in the UK with a few key UK pluses which also retain the requirements in the superseded standard on scope and materiality.

The new and revised reporting standards are intended to provide a foundation for future global auditor reporting as well as to accommodate evolving national financial reporting regimes. They seek to strike a balance between a need for greater comparability and consistency in auditor reporting globally and the needs of users of audited financial statements for more relevant information. 

Requirements and challenges

What changes are applicable to all audits?

ISA 700 (Revised) sets out the requirements and layout of the auditor’s report. The first section of the auditor’s report is now the auditor’s opinion.

Within the new basis of opinion paragraph, the auditor now needs to include a statement that the auditor is independent of the entity in accordance with the relevant ethical requirements relating to the audit and has fulfilled the auditor’s other ethical responsibilities. This statement needs to identify the jurisdiction of origin of the ethical requirements or refer to IESBA’s Code of Ethics for professional accountants [ISA 700 (Revised).28(c)].

In the UK, auditors are subject to ethical requirements from two sources: the FRC's Ethical Standard concerning the integrity, objectivity and independence of the auditor, and the ethical pronouncements established by the auditor's relevant professional body. When identifying the relevant ethical requirements in the auditor's report, the auditor needs to indicate that these include the FRC's Ethical Standard, applied as required for the types of entity determined to be appropriate in the circumstances.

There is an enhanced description of the auditor’s responsibilities. In the UK, the auditor is permitted to cross-refer to the applicable version of a "Description of the Auditor's Responsibilities for the Audit of the Financial Statements" maintained on the website of an appropriate authority (the FRC).

There are also enhanced auditor reporting requirements on going concern. There are also specific requirements in relation to other information and for setting out the responsibilities of directors in relation to the preparation of the financial statements. 

What are the reporting requirements on going concern?

The auditor’s report includes a description of respective responsibilities of management and auditors in relation to going concern. In the UK, those charged with governance are responsible for the preparation of the financial statements and the assessment of the entity’s ability to continue as a going concern. 

While not a reporting change, there is an explicit new requirement to challenge the adequacy of disclosures in the financial statements in certain circumstances. This is where events and conditions have been identified that may cast significant doubt on an entity’s ability to continue as a going concern but, based on the audit evidence obtained, the auditor concludes no material uncertainty exists [ISA 570 (Revised).20].

Where the auditor determines that the use of the going concern basis of accounting is appropriate and no material uncertainty has been identified and the auditor is required or decides to communicate key audit matters in accordance with ISA 701, the auditor needs to consider whether a key audit matter relating to going concern exists that should be communicated in the auditor’s report. If so, the auditor needs to communicate the key audit matter in the auditor’s report in accordance with ISA 701.

Also, where the auditor concludes that management’s use of the going concern basis of accounting is appropriate in the circumstances and no material uncertainty has been identified, the auditor needs to report by exception in a separate section in the auditor’s report with the heading “Conclusions relating to Going Concern”, or other appropriate heading, as to whether: 

For entities that are required, and those that choose voluntarily, to report on how they have applied the UK Corporate Governance Code, or to explain why they have not: the auditor has anything material to add or draw attention to in relation to the directors’ statement in the financial statements about whether the directors considered it appropriate to adopt the going concern basis of accounting, and the directors’ identification of any material uncertainties to the entity’s ability to continue to do so over a period of at least twelve months from the date of approval of the financial statements; or

In other cases, the auditor concludes that:

• management’s use of the going concern basis of accounting is not appropriate; or
• management has not disclosed in the financial statements any identified material uncertainties that may cast significant doubt about the entity’s ability to continue to adopt the going concern basis of accounting for a period of at least twelve months from when the financial statements are authorised for issue. 

Where a material uncertainty exists related to events or conditions that may cast significant doubt on an entity’s ability to continue as a going concern, and there is adequate disclosure about it in the financial statements, the auditor expresses an unmodified opinion. But the auditor needs to report this in a separate section in the auditor’s report under the heading “material uncertainty related to going concern” rather than as an emphasis of matter. This new section will still need to draw attention to the note in the financial statements and the auditor will need to state that there is a material uncertainty but the auditor’s opinion is not modified [ISA 570 (Revised).22]. See our audit report helpsheet on materiality uncertainty related to going concern for more guidance.

Who needs to communicate KAM?

Key audit matters are those matters that, in the auditor’s professional judgement, are the most significant in the audit of the current period financial statements and include the most significant assessed risks of material misstatement (whether or not due to fraud) identified by the auditor, including those which had the greatest effect on: the overall audit strategy; the allocation of resources in the audit; and directing the efforts of the engagement team. 

ISA 701 addresses the responsibility for the auditor to communicate KAM in the audit report. It covers the auditor’s judgement as to what to communicate and the form and content of how it is communicated. The ISA also deals with the auditor’s responsibility to communicate other audit planning and scoping matters in the auditor’s report.

It applies to audits of listed entity general purpose financial statements or where the auditor is otherwise required by law or regulation, or decides to, communicate KAM in the auditor’s report. In the UK, it also applies to the audits of complete sets of general purpose financial statements of public interest entities and other entities that are required, and those that choose voluntarily, to report on how they have applied the UK Corporate Governance Code. However, ISA 705 (Revised) prohibits the communication of KAM when the auditor disclaims an opinion on the financial statements, unless required by law or regulation [ISA 705 (Revised).29]. 

ISA 220 Quality control for an audit of financial statements defines a listed entity as an entity whose shares, stock or debt are quoted or listed on a recognised stock exchange, or are marketed under the regulations of a recognised stock exchange or other equivalent body [ISA 220.7g]. In the UK, this includes any company in which the public can trade shares, stock or debt on the open market, such as those listed on the London Stock Exchange (including those admitted to trading on the Alternative Investments Market) and ISDX Markets. It does not include entities whose quoted or listed shares, stock or debt are in substance not freely transferable or cannot be traded freely by the public or the entity.

KAM need to be specific to the entity and it may be helpful for the auditor to see the communication of KAM as a way of showcasing the audit and sharing important knowledge and insights gained.

ISA 701 makes it clear that communicating KAM is not:

• a substitute for disclosures in the financial statements that management is required to make under the applicable financial reporting framework;
• a substitute for the auditor expressing a modified opinion when required under ISA 705 (Revised);
• a substitute for reporting in accordance with ISA 570 (Revised) when a material uncertainty exists casting significant doubt on an entity’s ability to continue as a going concern; or
• a separate opinion on individual matters [ISA 701.4].

How do auditors determine KAM?

Key audit matters are selected from the matters communicated to those charged with governance. In determining KAM the auditor needs to take into account:

• areas of higher assessed risk of material misstatement, or significant risk identified in accordance with ISA 315 (Revised);
• significant auditor judgements relating to areas in the financial statements that involved significant management judgement, including accounting estimates identified as having high estimation uncertainty; and
• the effect on the audit of significant events or transactions that occurred during the period [ISA701.9].

The auditor determines which of these were of the most significance in the audit. ISA 701.A27-A30 provide guidance and factors that may influence this determination.

ISA 260 (Revised) requires the auditor to communicate various matters with those charged with governance. These include the auditor’s responsibilities in relation to the audit, the planned scope and timing of the audit, significant findings from the audit and auditor independence [ISA 260 (Revised).17-19].

The auditor is required to communicate about the significant risks identified by the auditor, as part of communicating an overview of the planned scope and timing of the audit. The nature and extent of communication with those charged with governance about such matters is likely to help the auditor identify which matters are the most significant.

What information needs to be included in the auditor’s report about KAM?

The auditor needs to describe each KAM using an appropriate subheading under the heading “key audit matters”. The description needs to include a reference to the related disclosure, if any, in the financial statements and address:

• why the matter was considered to be one of the most significant and therefore determined a KAM; and
• how the matter was addressed in the audit [ISA 701.13].

For audits of financial statements of public interest entities, in describing each of the key audit matters above and in support of the audit opinion, the auditor’s report needs to include:

• a description of the most significant assessed risks of material misstatement, (whether or not due to fraud);
• a summary of the auditor's response to those risks; and
• where relevant, key observations arising with respect to those risks. 

Where relevant to the above information, the auditor’s report needs to include a clear reference to the relevant disclosures in the financial statements. In describing why the matter was determined to be a key audit matter, the description needs to indicate that the matter was one of the most significant assessed risks of material misstatement (whether or not due to fraud) identified by the auditor.

There are a few exceptions. This may be where law and regulation precludes disclosure or where, in very rare cases, the auditor determines that the adverse consequences of communicating a KAM outweigh the public interest benefits.

Where there is a modified opinion or material uncertainty which casts significant doubt on the entity’s ability to continue as a going concern in the auditor’s report, these are KAM. The KAM section of the audit report would simply refer to the relevant sections of the audit report rather than repeat the detailed information elsewhere in the audit report.

In the UK the auditor’s report also needs to include other audit planning and scoping matters:

• An explanation of how the auditor applied the concept of materiality in planning and performing the audit. Such explanation shall specify the threshold used by the auditor as being materiality for the financial statements as a whole.
• An overview of the scope of the audit, including an explanation of how such scope addressed each KAM relating to one of the most significant risks of material misstatement disclosed; and was influenced by the auditor’s application of materiality disclosed as above. 

To be useful to users of the financial statements, the explanations of the matters required to be set out in the auditor’s report need to enable a user to understand their significance in the context of the audit of the financial statements as a whole and not as discrete opinions on separate elements of the financial statements. They need to be described in a way that enables them to be related directly to the specific circumstances of the entity – so should not be generic or abstract matters expressed in standardised language. In the case of entities that are required, and those that choose voluntarily, to report on how they have applied the UK Corporate Governance Code, or to explain why they have not, the explanations in the audit report should complement the description of significant issues relating to the financial statements, required to be set out in the separate section of the annual report describing the work of the audit committee in discharging its responsibilities. 

What about other reporting responsibilities?

If the auditor is required to report on certain matters by exception, the ISA explains that the auditor needs to describe in the auditor's report the auditor's responsibilities for such matters and incorporate a suitable conclusion in this respect.

For audits of complete sets of general purpose financial statements of public interest entities, the auditor's report also needs to:

• state by whom or which body the auditor(s) was appointed; 
• indicate the date of the appointment and the period of total uninterrupted engagement including previous renewals and reappointments of the firm;
• explain to what extent the audit was considered capable of detecting irregularities, including fraud;
• confirm that the audit opinion is consistent with the additional report to the Audit Committee;
• declare that the non-audit services prohibited by the FRC's Ethical Standard were not provided and that the firm remained independent of the entity in conducting the audit; and 
• indicate any services, in addition to the audit, which were provided by the firm to the entity and its controlled undertaking(s), and which have not been disclosed in the annual report or financial statements.

As well as communicating KAM, auditors of listed entities also need to disclose the name of the engagement partner. In rare circumstances where disclosure is reasonably expected to lead to a significant personal security threat this is not required [ISA 700 (Revised).46]. If the auditor intends not to include the name of the partner, the auditor needs to discuss this intention with those charged with governance to inform the auditor’s assessment of likelihood/severity of a significant personal security threat. 

What about other information in the financial statements?

ISA 720 (Revised) deals with the auditor’s responsibilities relating to other information, whether financial or non-financial information (other than financial statements and the auditor’s report thereon), included in an entity’s annual report. In the UK it also deals with certain additional obligations imposed by law or regulation on the auditor to report on statutory other information, based on the work undertaken in the course of the audit. The statutory other information includes, where required to be prepared: the directors’ report, the strategic report and the separate corporate governance statement.

For entities that are required to prepare statutory other information, as part of obtaining an understanding of the entity and its environment in accordance with ISA 315 (Revised), the auditor needs to obtain an understanding of the legal and regulatory requirements applicable to the statutory other information, and how the entity is complying with those legal and regulatory requirements.

ISA 720 (revised) requires auditors to read and consider other information in the annual report. Other information that is materially inconsistent with the financial statements or the auditor’s knowledge obtained in the audit may indicate a material misstatement of either the financial statements or the other information. In the UK, a misstatement of the other information also exists when the statutory other information has not been prepared in accordance with the legal and regulatory requirements applicable to the statutory other information.

So for entities that are required to prepare statutory other information, the auditor needs to read the statutory other information and consider, based on the work undertaken in the course of the audit, whether the statutory other information appears to be materially misstated in the context of the auditor’s understanding of the legal and regulatory requirements applicable to the statutory other information. The auditor also needs to perform such procedures as are necessary in the auditor’s professional judgement to identify:

• any material inconsistencies between the other information and the financial statements; 
• any material inconsistencies between the other information and the auditor’s knowledge obtained in the audit, in the context of audit evidence obtained and conclusions reached in the audit; and 
• whether the statutory other information appears to be materially misstated in the context of the auditor’s understanding of the legal and regulatory requirements applicable to the statutory other information.

The requirements in ISA 720 (Revised) are applicable to all audits where other information is presented in an annual report.

A separate section is needed in the auditor’s report, titled “other information” or another appropriate heading.

The section needs to include:

• a statement that management is responsible for the other information;
• identification of the other information obtained;
• a statement that the auditor’s opinion does not cover the other information and so the auditor does not express an audit opinion or any other form of assurance conclusion on it. In the UK, where the auditor is required to express an opinion on some or all of the statutory other information, the statement required needs to be a modified statement that the auditor’s opinion on the financial statements does not cover the other information and, accordingly, the auditor does not express an audit opinion or, except to the extent otherwise explicitly stated in the auditor’s report, any form of assurance thereon;
• a description of the auditor’s responsibilities for reading, considering and reporting on the other information (including the statutory other information); and
• if the auditor has concluded that there is a material misstatement of the other information, a statement that describes the uncorrected material misstatement of the other information.

The ISA also sets out the specific reporting requirements for auditors in relation to the strategic report and directors’ report, the separate corporate governance statement and UK Corporate Governance Code reporting, where they are applicable. For further information, please refer to our audit report helpsheets.

Additional guidance

• Audit report helpsheets
• Technical Release AAF01/03 the audit report and auditors’ duty of care to third parties
• The extended auditor report – the start of a conversation
• FRC Compendium of illustrative auditor’s reports on United Kingdom private sector financial statements for periods commencing on or after 17 June 2016