User-driven assurance: fresh thinking
With calls for better engagement between auditors and users, we recommend the application of a three ‘pillar’ model of what we call ‘User-Driven Assurance;’ a new way of thinking about assurance, directed in its first phase by the needs of the primary user – the shareholders.
At the launch in April 2019 of the call for views from Sir Donald Brydon’s Independent Review into the Quality and Effectiveness of Audit Sir Donald stated:
“The voice of the ultimate user has been curiously muted; yet in the rest of the world the consumer drives the evolution of product features.”
It is important to address this problem, to energise engagement with the audit consumer. To this end we recommend consideration of a three “pillar” model of what we call ‘User-Driven Assurance;’ a new way of thinking about assurance, directed in its first phase by the needs of the primary user – the shareholders. We advocate an enhancement of the part played by shareholders in the commissioning of assurance, alongside a more proactive role for audit committees. Assurance of virtually any area of corporate activity is possible, but decisions need to be taken about what’s most important to the business, and shareholders should assume a shared responsibility for those decisions.Our model was developed in response to Sir Donald Brydon’s call for views, which particularly sought information on the audit of public-interest entities. However, we believe that the principles are likely to resonate with a wider range of organisations, including owner-managed businesses.
Sir Donald Brydon has now published Assess, assure and inform: improving audit quality and effectiveness – the final report of his Independent Review. “We are delighted that a number of Sir Donald’s recommendations to promote a user-driven audit are closely aligned with the ideas originally expressed in our June 2019 submission to his call for views and further developed in this essay, published in December 2019,” says Dr Nigel Sleigh-Johnson, Director of ICAEW’s Technical Strategy Accountability Group. “We will be continuing to develop and promote our thinking in this area.”
A new vision for assurance
Our model would comprise a range of assurance engagements and could involve a variety of assurance providers. While this innovative approach would require significant time and effort to develop and make fully operational, we believe that urgent action to address public concerns is needed now, and that progress can be made by building on the solid foundations already in place to support each of the three pillars. It could be an effective way of better meeting the information needs of all stakeholders and contributing towards fully and finally closing the expectation gap.
The three pillars
Pillar 1: Improvements to the statutory audit
In October 2019 Sir Donald Brydon told ICAEW’s Audit and Assurance Faculty conference that "audit matters greatly" and that auditors occupy "a unique and influential position in our society and economy."
ICAEW is in agreement with these statements and recognises that audit needs to become more informative; that the most important issue is the perception and reality of audit quality. It is right to question the value of audit, and to measure the performance of auditors against the highest standards of professionalism. But there is a risk that a focus in audit monitoring on compliance rather than the exercise of judgement may drive dysfunctional behaviour rather than address the real issues. The Audit and Assurance Faculty plans to explore and comment on the topic of audit quality in the coming months.
The first pillar of User-Driven Assurance is therefore an improved version of the statutory audit, with a renewed focus on avoiding disorderly failure and protecting against fraud to improve audit quality. We identify three priority areas for enhancement:
- strengthened internal control responsibilities of directors and auditors, using lessons learnt from implementing SOX in the US;
- directors and auditors applying insights to the foundations of going concern and viability taken from experience with other prospective financial information; and
- auditors becoming more expert in recognising the early warning signs of fraudulent financial reporting.
Auditors already play an important role in these three areas and have a significant impact on corporate behaviour, but there are still things that can be done to address expectation gaps and improve audit quality. Separate Audit and Assurance Faculty essays in this series prepare the profession for change by contributing fresh thinking on these three priority areas. This will provide a basis for a better-informed debate about audit reform and a platform for gathering information on current practice.
Pillar 2: Enhanced use of assurance by regulators and other sector-focused bodies
The second pillar of User-Driven Assurance is the use by regulators and other sector-focused bodies of the range of assurance engagements other than audit. The underlying subject matter of these assurance engagements includes financial and non-financial information and information on systems and processes, and can also cover future-oriented information.
Critically, this second pillar builds on the International Framework for Assurance Engagements and international assurance standards such as ISAE 3000 (Revised), which can be used to design and underpin new assurance engagements.
Such assurance engagements may be required or commissioned by government departments, regulatory bodies and other third parties, including trade and licensing bodies operating in relation to particular business sectors. The importance of such engagements to the smooth functioning of economies should not be lost in the international debate about audit reform.
Pillar 3: Empowerment of shareholders to require the commissioning of assurance
We propose a third pillar of User-Driven Assurance: empowerment of shareholders through new voting rights, alongside a more proactive role for audit committees in this area. Shareholders would be enabled in specified circumstances to require the commissioning of bespoke assurance engagements that are tailored to the specific situation of the company, for example on alternative performance measures (APMs). This builds on the proven approach of the statutory audit and assurance engagements required or commissioned by regulators and other sector-focused bodies, as well as international standards.
The way a business generates value over the long term, ie, its business model, the sustainability of that model, and its principal risks, is of central importance to its shareholders. This means that this third pillar would be a key component of the drive to ensure that governance, reporting and assurance meet the needs not only of shareholders but of wider stakeholders too. In time, consideration might be given to extending the model more formally to amplify the voices of other stakeholders.
The role of audit committees
We recognise that the best audit committees already engage effectively with shareholders. However, there is scope for audit committees to assume greater responsibility for both understanding and meeting the assurance needs of shareholders. Shareholders would then exercise their new voting rights as, in effect, a backstop in situations where unresolved concerns exist about the scope and timing of planned assurance initiatives. Audit committees will therefore need to communicate their assurance planning with shareholders, and, to do so, will need to undertake discussions with both management and auditors.
Audit committees can act now and address the need to enhance the way they engage with shareholders to better understand and meet their assurance needs, without waiting for a formal empowerment of shareholders.
Share your views
We invite you to share your comments with us. What are your thoughts on our proposals for actively engaging with the audit consumer and other users? What other measures do you envisage would help to achieve this? Email us firstname.lastname@example.org.